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Abstract 

Random 3CNF formulas constitute an important distribution for measuring the average- 
case behavior of propositional proof systems. Lower bounds for random 3CNF refutations 
in many propositional proof systems are known. Most notably are the exponential-size reso- 
lution refutation lower bounds for random 3CNF formulas with il{n^-^~'^) clauses (Chvatal 
and Szemeredi [14], Ben-Sasson and Wigderson [10]). On the other hand, the only known 
non-trivial upper bound on the size of random 3CNF refutations in a non-abstract proposi- 
tional proof system is for resolution with f2(n^/ logn) clauses, shown by Beame et al. [6]. In 
this paper we show that already standard propositional proof systems, within the hierarchy 
of Frege proofs, admit short refutations for random 3CNF formulas, for sufBciently large 
clause-to-variable ratio. Specifically, we demonstrate polynomial-size propositional refuta- 
tions whose lines are rC° formulas (i.e., TC°-Frege proofs) for random 3CNF formulas with 
n variables and fi(n^-'^) clauses. 

The idea is based on demonstrating efficient propositional correctness proofs of the ran- 
dom 3CNF unsatisfiability witnesses given by Feige, Kim and Ofek [22]. Since the soundness 
of these witnesses is verified using spectral techniques, we develop an appropriate way to 
reason about eigenvectors in propositional systems. To carry out the full argument we work 
inside weak formal systems of arithmetic and use a general translation scheme to proposi- 
tional proofs. 
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1 Introduction 

This paper deals with the average complexity of propositional proofs. Our aim is to show 
that standard propositional proof systems, within the hierarchy of Frege proofs, admit short 
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random 3CNF refutations for a sufficiently large clause-to- variable ratio, and also can outperform 
resolution for random 3CNF formulas in this ratio. Specifically, we show that most 3CNF 
formulas with n variables and at least cn^'^ clauses, for a sufficiently large constant c, have 
polynomial-size in n propositional refutations whose proof-lines are constant depth circuits with 
threshold gates (namely, TC^-Frege proofs). This is in contrast to resolution (that can be 
viewed as depth-1 Frege) for which it is known that most 3CNF formulas with at most n^'^"*^ 
clauses (for < e < ^) do not admit sub-exponential refutations [14, 10]. 

The main technical contribution of this paper is a propositional characterization of the 
random 3CNF unsatisfiability witnesses given by Feige at al. [22]. In particular we show how 
to carry out certain spectral arguments inside weak propositional proof systems such as TC^- 
Frege. The latter should hopefully be useful in further propositional formalizations of spectral 
arguments. This also places a stream of recent results on efficient refutation algorithms using 
spectral arguments — beginning in the work of Goerdt and Krivelevich [26] and culminating in 
Feige et al. [22] — within the framework of propositional proof complexity. Loosely speaking, 
we show that all these refutation algorithms and witnesses, considered from the perspective of 
propositional proof complexity, are not stronger than TC'^-Frege. 

1.1 Background in proof complexity 

Propositional proof complexity is the systematic study of the efficiency of proof systems estab- 
lishing propositional tautologies (or dually, refuting unsatisfiable formulas). Abstractly one can 
view a propositional proof system as a deterministic polynomial-time algorithm A that receives a 
string vr ("the proof) and a propositional formula $ such that there exists a vr with ^(vr, $) = 1 
iff $ is a tautology. Such an A is called an abstract proof system or a Cook-Reckhow proof system 
due to [18]. Nevertheless, most research in proof complexity is dedicated to more concrete or 
structured models, in which proofs are sequences of lines, and each line is derived from previous 
lines by "local" and sound rules. 

Perhaps the most studied family of propositional proof systems are those coming from propo- 
sitional logic, under the name Frege systems, and their fragments (and extensions). In this set- 
ting, proofs are written as sequences of Boolean formulas (proof-lines) where each line is either 
an axiom or was derived from previous lines by means of simple sound derivation rules. The 
complexity of a proof is just the number of symbols it contains, that is, the total size of formu- 
las in it. And different proof systems are compared via the concept of polynomial simulation: 
a proof system P polynomially-simulates another proof system Q if there is a polynomial-time 
computable function / that maps Q-proofs to P-proofs of the same tautologies. The definition of 
Frege systems is sufficiently robust, in the sense that different formalizations can polynomially- 
simulate each other [39]. 

It is common to consider fragments (or extensions) of Frege proof systems induced by re- 
stricting the proof-lines to contain presumably weaker (or stronger) circuit classes than Boolean 
formulas. This stratification of Frege proof systems is thus analogous to that of Boolean circuit 
classes: Frege proofs consist of Boolean formulas (i.e., NC^) as proof-lines, TC'^-Frege (also 
known as Threshold Logic) consists of TC*^ proof-lines. Bounded Depth Frege has AC*^ proof- 
lines, depth-d Frege has circuits of depth-d proof-lines, etc. In this framework, the resolution 
system can be viewed as depth-1 Frege. Similarly, one usually considers extensions of the Frege 
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system such as NC*-Frege, for i > 1, and P/poly-Frege (the latter is polynomially equivalent 
to the known Extended Prege system, as shown by Jefabek [31]). Restrictions (and extensions) 
of Frege proof systems form a hierarchy with respect to polynomial-simulations, though it is 
open whether the hierarchy is proper. 

It thus constitutes one of the main goals of proof complexity to understand the above hierar- 
chy of Frege systems, and to separate different propositional proof systems, that is, to show that 
one proof system does not polynomially simulate another proof system. These questions also 
relate in a certain sense to the hierarchy of Boolean circuits (from AC*^, through, AC'^[p], TC^ , 
NC^, and so forth; see [16]). Many separations between propositional proof systems (not just in 
the Frege hierarchy) are known. In the case of Frege proofs there are already known separations 
between certain fragments of it (e.g., separation of depth-d Frege from depth d + 1 Frege was 
shown by Krajicek [32]). It is also known that TC^-Frege is strictly stronger than both reso- 
lution and bounded depth Frege proof systems, since, e.g., TC'^-Frege admits polynomial-size 
proofs of the propositional pigeonhole principle, while resolution and bounded depth Frege do 
not (see [29] for the resolution lower bound, [1] for the bounded depth Frege lower bound and 
[17] for the corresponding TC'^-Frege upper bound). 

Average-case proof complexity via the random 3CNF model. Much like in algorithmic 
research, it is important to know the average-case complexity of propositional proof systems, 
and not just their worst-case behavior. To this end one usually considers the model of random 
3CNF formulas, where m clauses with three literals each, out of all possible 2'^ • (3) clauses with n 
variables, are chosen independently, with repetitions (however, other possible distributions have 
also been considered in the literature; for a short discussion on these distributions see Section 
1.3). When m is greater than cn for some sufficiently large c (say, c = 5), it is known that 
with high probability a random 3CNF is unsatisfiable. (As m gets larger the task of refuting 
the 3CNF becomes easier since we have more constraints to use.) In average-case analysis of 
proofs we investigate whether such unsatisfiable random 3CNFs also have short (polynomial- 
size) refutations in a given proof system. The importance of average-case analysis of proof 
systems is that it gives us a better understanding of the complexity of a system than merely 
the worst-case analysis. For example, if we separate two proof systems in the average case — i.e., 
show that for almost all 3CNF one proof system admits polynomial-size refutations, while the 
other system does not — we establish a stronger separation. 

Until now only weak proof systems like resolution and Res(A:) (for k < \/log nj log log n; 
the latter system introduced in [34] is an extension of resolution that operates with fcDNF 
formulas) and polynomial calculus (and an extension of it) were analyzed in the random 3CNF 
model; for these systems exponential lower bounds are known for random 3CNFs (with varying 
number of clauses) [14, 6, 10, 5, 40, 2, 9, 3, 25]. For random 3CNFs with n variables and n^'^~^ 
(0 < e < ^) clauses it is known that there are no sub-exponential size resolution refutations [10]. 
For many proof systems, like cutting planes (CP) and bounded depth Frege (AC^-Frege), it is a 
major open problem to prove random 3CNF lower bounds (even for number of clauses near the 
threshold of unsatisfiability, e.g., random 3CNFs with n variables and 5n clauses). The results 
mentioned above only concerned lower bounds. On the other hand, to the best of our knowledge, 
the only known non-trivial polynomial-size upper bound on random /cCNFs refutations in any 
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non-abstract prepositional proof system is for resolution. This is a result of Beame et al. [6], 
and it applies for fairly large number of clauses (specifically, 0(n'^~^/ log n)). 

Efficient refutation algorithms. A different kind of results on refuting random A;CNFs were 
investigated in Goerdt and Krivelevich [26] and subsequent works by Goerdt and Lanka [27], 
Friedman, Goerdt and Krivelevich [24], Feige and Ofek [23] and Feige [21]. Here, one studies 
efficient refutation algorithms for fcCNFs. Specifically, an efficient refutation algorithm receives a 
fcCNF (above the unsatisfiability threshold) and outputs either "unsatisfiable" or "don't know" ; 
if the algorithm answers "unsatisfiable" then the fcCNF is required to be indeed unsatisfiable; 
also, the algorithm should output "unsatisfiable" with high probability (which by definition, is 
also the correct answer). Such refutation algorithms can be viewed as abstract proof systems 
(according to the definition in Subsection 1.1) having short proofs on the average-case: A{^) 
is a deterministic polytime machine whose input is only A;CNFs (we can think of the proposed 
proof vr input as being always the empty string). On input ^> the machine A runs the refutation 
algorithm and answers 1 iff the refutation algorithm answers "unsatisfiable" ; otherwise, A can 
decide, e.g. by brute-force search, whether <I> is unsatisfiable or not. (In a similar manner, if the 
original efficient refutation algorithm is non- deterministic then we also get an abstract proof 
system for /cCNFs; now the proof vr that A receives is the description of an accepting run of the 
refutation algorithm.) 

Goerdt and Krivelevich [26] initiated the use of spectral methods to devise efficient algorithms 
for refuting fcCNFs. The idea is that a fcCNF with n variables can be associated with a graph 
on n vertices (or directly with a certain matrix). It is possible to show that certain properties of 
the associated graph witness the unsatisfiability of the original feCNF. One then uses a spectral 
method to give evidence for the desired graph property, and hence to witness the unsatisfiability 
of the original fcCNF. Now, if we consider a random /cCNF then the associated graph essen- 
tially becomes random too, and so one may show that the appropriate property witnessing the 
unsatisfiability of the /cCNF occurs with high probability in the graph. The best (with respect 
to number of clauses) refutation algorithms devised in this way work for 3CNFs with at least 
Q(ni-5) clauses [23]. 

Continuing this line of research, Feige, Kim and Ofek [22] considered efficient non- 
deterministic refutation algorithms (in other words, efficient witnesses for unsatisfiability of 
3CNFs). They established the currently best (with respect to the number of clauses) efficient, 
alas non-deterministic, refutation procedure: they showed that with probability converging to 
1 a random 3CNF with n variables and at least cn^'^ clauses has a polynomial-size witness, for 
sufficiently big constant c. 

The result in the current paper shows that all the above refutation algorithms, viewed as 
abstract proof systems, are not stronger (on average) than TC^-Frege. The short TC'^-Frege 
refutations will be based on the witnesses from [22], and so the refutations hold for the same 
clause-to-variable ratio as in that paper. 

1.2 Our result 

The main result of this paper is a polynomial-size upper bound on random 3CNF formulas refu- 
tations in a proof system operating with constant-depth threshold circuits (known as Threshold 
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Logic or TC -Frege; see Definition 2.4). Since Frege and Extended Frege proof systems poly- 
nomially simulate TC^'-Frege proofs, the upper bound holds for these proof systems as well. 
(The actual formulation of TC^-Frege is not important since different formulations, given in 
[13, 36, 11, 38, 17], polynomially simulate each other.) 

Theorem 1 With probability 1 — o(l) a random 3 CNF formula withn variables andcv}'^ clauses 
(for a sufficiently large constant c) has polynomial- size TC^ -Frege refutations. 

Beame, Karp, Pitassi, and Saks [6] and Ben-Sasson and Wigderson [10] showed that with 
probability 1 — o(l) resolution does not admit sub-exponential refutations for random 3CNF 
formulas when the number of clauses is at most n^'^~'^, for any constant < e < 1/2.^ Therefore, 
Theorem 1 shows that TC^-Frege has an exponential speed-up over resolution for random 3CNFs 
with at least cn^'^ clauses (when the number of clauses does not exceed n^'^""", for < e < 1/2). 

We now explain the potential significance of our work and its motivations. It is well known 
that most contemporary SAT-solvers are based on the resolution proof system. Formally, this 
means that these SAT-solvers use a backtracking algorithm that branch on a single variable and 
construct in effect a resolution refutation (in case the CNF instance considered is unsatisfiable) . 
(The original backtracking algorithm DPLL constructs a tree-like resolution refutation [20, 19].) 
It was known since [14] that resolution is weak in the average case. Our work gives further impe- 
tus to the quest to build SAT-solvers based on stronger proof systems than resolution. Although 
there is little hope to devise polynomial-time algorithms for constructing minimal TC'^-Frege 
proofs or even resolution refutations (this stems from the conditional non-automatizability re- 
sults for TC'^-Frege and resolution, proved in [11] and [4], respectively), practical experience 
shows that current resolution based SAT-solvers are quite powerful. Therefore, our random 
3CNF upper bounds give more theoretical justification for an attempt to extend SAT-solvers 
beyond resolution. 

Our result also advances the understanding of the relative strength of propositional proof sys- 
tems: proving non-trivial upper bounds clearly rules out corresponding lower bounds attempts. 
We conjecture that random 3CNF upper bounds similar to Theorem 1 could be achieved even 
for systems weaker than TC'^-Frege on the expense of at most a quasipolynomial increase in the 
size of proofs. This might help in understanding the limits of known techniques used to prove 
random 3CNFs lower bounds on resolution and Res(A;) refutations. 

The main result also contributes to our understanding (and possibly to the development 
of) refutation algorithms, by giving an explicit logical characterization of the Feige et al. [22] 
witnesses. This places a stream of recent results on refutation algorithms using spectral methods, 
beginning in Goerdt and Krivelevich [26], in the propositional proof complexity setting (showing 
essentially that these algorithms can be carried out already in TC'^-Frege) . This is a non-trivial 
job, especially because of the need to propositionally simulate spectral arguments. Moreover, 
our formalization of the spectral argument and its short propositional proofs might help in 

^Beame et al. [6] showed such a lower bound for n^''*"'^ number of clauses (for any constant < e < 1/4). 
Ben-Sasson and Wigderson [10] introduced the size-width tradeoff that enabled them to prove an exponential 
lower bound for random 3CNF formulas with n^'^'" number of clauses (for any constant < e < 1/2), but the 
actual proof for this specific clause- number appears in [7]. 
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formalizing different arguments based on spectral techniques (e.g., reasoning about expander 
graphs). 

1.3 Relations to previous works 

The proof complexity of random 3CNF formulas have already been discussed above: for weak 
proof systems like resolution and Res(fc) there are known exponential lower bounds with varying 
number of clauses; with respect to upper bounds, there are known polynomial size resolution 
refutations on random 3CNF formulas with r2(?i^/ log n) number of clauses [6]. Below we shortly 
discuss several known upper and lower bounds on refutations of different distributions than the 
random 3CNF model (this is not an exhaustive list of all distributions studied). 

Ben-Sasson and Bilu [8] have studied the complexity of refuting random 4- Exactly-Half SAT 
formulas. This distribution is defined by choosing at random m clauses out of all possible 
clauses with 4 literals over n variables. A set of clauses is 4^- exactly-half satisfiable iff there 
is an assignment that satisfies exactly two literals in each clause. It is possible to show that 
when m = cn, for sufficiently large constant c, a random 4-Exactly-Half SAT formulas with m 
clauses and n variables is unsatisfiable with high probability. Ben-Sasson and Bilu [8] showed 
that almost all 4- Exactly-Half SAT formulas with m = n ■ log n clauses and n variables do not 
have sub-exponential resolution refutations. On the other hand, [8] provided a polynomial-time 
refutation algorithm for 4-Exactly-Half SAT formulas. 

Another distribution on unsatisfiable formulas that is worth mentioning is 3-LIN formulas 
over the two element field F2, or equivalently 3X0R formulas. A 3-LIN formula is a collection of 
linear equations over F2, where each equation has precisely three variables. When the number 
of randomly chosen linear equations with 3 variables is large enough, one obtains that with high 
probability the collection is unsatisfiable (over F2). It is possible to show that the polynomial 
calculus proof system (see [15] for a definition), as well as TC^-Frege, can efficiently refute such 
random instances with high probability, by simulating Gaussian elimination. 

A different type of distribution over unsatisfiable CNF formulas can possibly be constructed 
from the formulas (termed proof complexity generators) in Krajicek [35]. We refer the reader to 
[35] for more details on this. 

1.4 The structure of the argument 

Here we outline informally (and in some places in a simplified manner) the structure of the 
proof of the main theorem. We need to construct certain TC'^-Frege proofs. Constructing such 
propositional proofs directly is technically cumbersome, and so we opt to construct it indirectly 
by using a first-order (two-sorted) characterization of (short proofs in) TC'^-Frege: we use the 
theory VTC^ introduced in [38] (we follow tightly [17]). When restricted to proving only 
statements of a certain form (formally, formulas), the theory VTC^ characterizes (uniform) 
polynomial-size TC'^-Frege proofs. 

The construction of polynomial-size TC^-Frege refutations for random 3CNF formulas, will 
consist of the following steps: 
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I. Formalize the following statement as a first-order formula: 

V assignment A (C is a 3CNF and w is its FKO unsatisfiabiliy witness — > 

exists a clause Cj in C such that Q {A) = O) , 



(1) 



where an FKO witness is a suitable formalization of the unsatisfiability witness defined by 
Feige, Kim and Ofek [22] . The corresponding predicate is called the FKO predicate. 

II. Prove formula (1) in the theory VTC^ . 

III. Translate the proof in Step II into a family of propositional TC^-Frege proofs (of the 
family of propositional translations of (1)). By Theorem 3.25 (proved in [17]), this will be 
a polynomial-size propositional proof (in the size of C). The translation of (1) will consist 
of a family of propositional formulas of the form: 



where [•]] denotes the mapping from first-order formulas to families of propositional formu- 
las. By the nature of the propositional translation (second-sort) variables in the original 
first-order formula translate into a collection of propositional variables. Thus, (2) will 
consist of propositional variables derived from the variables in (1). 

IV. For the next step we first notice the following two facts: 

(i) Assume that C is a random 3CNF with n variables and cn}''^ clauses (for a sufficiently 
large constant c). By [22], with high probability there exists an FKO unsatisfiability 
witness vi for C. Both w a-nd C can be encoded as finite sets of numbers, as required 
by the predicate for 3CNF and the FKO predicate in (1). Let us identify w and C 
with their encodings. Then, assuming (1) was formalized correctly, assigning w_ and 
C to (1) satisfies the premise of the implication in (1). 

(ii) Now, by the definition of the translation from first-order formulas to propositional 
formulas, if an object a satisfies the predicate P{X) (i.e., P{a) is true in the standard 
model), then there is a propositional assignment of 0, 1 values that satisfies the propo- 
sitional translation of P{X). Thus, by Item (i) above, there exists an 0, 1 assignment 
C, that satisfies the premise of (2) (i.e., the propositional translation of the premise of 
the implication in (1)). 

In the current step we show that after assigning C, to the conclusion of (2) (i.e., to the 
propositional translation of the conclusion in (1)) one obtains precisely -iC (formally, a 
renaming of -iC, where -iC is the 3DNF obtained by negating C and using the de Morgan 
laws). 

V. Take the propositional proof obtained in (III), and apply the assignment C, to it. The 

proof then becomes a polynomial-size TC'^-Frege proof of a formula cf) — )• -iC, where (/> is a 
propositional sentence (without variables) logically equivalent to True (because Q satisfies 
it, by (IV)). From this, one can easily obtain a polynomial-size TC'^-Frege refutation of 
C (or equivalently, a proof of -iC). 



[C is a 3CNF and w is its FKO unsatisfiabiliy witness] — > 
[[exists a clause Ci in C such that Ci{A) = Oj, 



(2) 
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The bulk of our work lies in (I) and especially in (II). We need to formalize the necessary 
properties used in proving the correctness of the FKO witnesses and show that the correctness 
argument can be carried out in the weak theory. There are two main obstacles in this process. 
The first obstacle is that the correctness (soundness) of the witness is originally proved using 
spectral methods, which assumes that eigenvalues and eigenvectors are over the reals; whereas 
the reals are not defined in our weak theory. The second obstacle is that one needs to prove 
the correctness of the witness, and in particular the part related to the spectral method, con- 
structively (formally in our case, inside VTC^). Specifically, linear algebra is not known to 
be (computationally) in TC^, and (proof-complexity-wise) it is conjectured that TC'^-Frege do 
not admit short proofs of the statements of linear algebra (more specifically still, short proofs 
relating to inverse matrices and the determinant properties; see [41] on this). 

The first obstacle is solved using rational approximations of sufficient accuracy (polynomially 
small errors), and showing how to carry out the proof in the theory with such approximations. 
The second obstacle is solved basically by constructing the argument (the main formula above) 
in a way that exploits non-determinism (i.e., in a way that enables supplying additional witnesses 
for the properties needed to prove the correctness of the original witness; e.g, all eigenvectors 
and all eigenvalues of the appropriate matrices in the original witness). In other words, we do 
not have to construct certain objects but can provide them, given the possibility to certify the 
property we need. Formally, this means that we put additional witnesses in the FKO predicate 
occurring in the main formula in (I) above. 

1.5 Organization of the paper 

The remainder of the paper is organized as follows. Section 2 contains general preliminary defi- 
nitions and notations, including propositional proof systems and the TC'^-Frege proof system. 
Section 3 contains a long exposition of the basic logical setting we use, that is, the relevant theo- 
ries of (two-sorted) bounded arithmetic (V" and VTC^, from [17]), and a detailed explanation 
of how to formalize certain proofs in these theories. This includes defining certain syntactic 
objects in the theories as well as counting and doing computations in the theory. Readers who 
already know the basics of bounded arithmetic can skip Section 3, and look only at specific parts 
or definitions, when needed. Section 4 provides the formalization of the main formula we prove 
in the theory. This formula expresses the correctness of the Feige at al. witnesses for unsatisfi- 
ability [22]. Section 5 contains the proof of the main formula, excluding the lemma establishing 
the spectral inequality which is deferred to a section of its own. Section 6 provides the full proof 
in the theory of the spectral inequality. Section 7 finally puts everything together, and shows 
how to obtain short propositional refutations from the proof in the theory of the main formula. 

2 Preliminaries 

We write [n] for {1, . . . , n}. We denote by T, _L the truth values true and false, respectively. 

Definition 2.1 (3CNF) A literal is a propositional variable xi or its negation -iXj. A 5-clause 
is a disjunction of three literals. A 3CNF is a conjunction of 3-clauses. 
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Definition 2.2 (Random 3CNF) A random 3CNF is generated by choosing independently, 
with repetitions, m clauses with three literals each, out of all possible 2^ • (3) clauses with n 
variables xi,...,Xn- 

We say that a property holds with high probability when it holds with probability 1 — o(l). 

2.1 Miscellaneous linear algebra notations 

We denote by M'^ and Q'^ the /c-dimensional real and rational vector spaces in the canonical 
basis ei,...,efc. The vectors in these spaces are given as sequences a = (ai-.-Ofc). In this 
context for some /c-dimensional vector space V and two vectors a,b £ ^ by (a, b) we denote 
the inner product of a and b which is defined by {a,b) := X^^Li ' Two vectors a,b are 
orthogonal if (a, 6) = 0. The (Euclidean) norm of a vector a is denoted by ||a|| and is defined 

\/X^i=i (^i- ^ vector a is called normal if ||a|| = 1. A set of vectors is called orthonormal if 
they are pairwise orthogonal and normal. A function / : V — > W is linear if for all v,w £ V, 
f{civ + C2w) = cif{v) + C2f{w). Every linear function / : V — > W can be represented by a 
matrix Aj = (ajj)j<^jm(ty),j<dim{y)- Observe that the representation depends not only on / but 
also on the bases of V and W. A matrix A = (flij) is symmetric if Uij = aj^i for all If for 
some matrix A and vector v it holds that Av = Xv we call v an eigenvector and A an eigenvalue 
of A. 

Fact 1 (cf. [30] ) The eigenvectors of any real symmetric matrix A : V — > V are an orthogonal 
basis of V, and the eigenvalues of A are all real numbers. 

2.2 Prepositional proofs and TC°-Prege systems 

In this section we define the notion of TC^ formulas. Then we define the propositional proof 
system TC°-Frege as a sequent calculus operating with TC" formulas and prove basic properties 
of it. We will follow the exposition from [17] . The system we give is only one of many possibilities 
to define such proof systems (see e.g. [11] for a polynomially-equivalent definition). 

The class of TC^ formulas consists basically of unbounded fan-in constant depth formulas 
with A, V,-i and threshold gates. Formally, we define: 

Definition 2.3 (TC° formula) A TC^ formula is built from 
(i) propositional constants _L and T, 
(ii) propositional variables pi for i G N, 
(Hi) connectives and Thj, for i G N. 

Items (i) and (ii) constitute the atomic formulas. TC^ formulas are defined inductively from 
atomic formulas via the connectives: 

(a) if A is a formula, then so is ^A and 

(b) for n > 1 and i E N, if Ai, . . . , An are formulas, then so is Thj^i . . . An- 

The depth of a formula is the maximal nesting of connectives in it and the size of the formula 
is the total number of connectives in it. 
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For the sake of readability we will also use parentheses in our formulas, though they are not 
necessary. The semantics of the Threshold Connectives Thj are as follows. Thj(Ai, . . . , An) is true 
if and only if at least i of the Aj. are true. Therefore we will abbreviate Thj(^i, . . . ,Ai) as /\ A^ 

k<i 

and Thi(j4i, . . . ,Ai) as V Ak- Moreover we let Tho(Ai, . . . ,An) = T and Jhi{Ai, . . . ,An) = -L, 

k<i 

for i > n. 

The following is the sequent calculus TC^-Frege. 

Definition 2.4 (TC'^-Prege) A TC^-Frege proof system is a sequent calculus with the axioms 

A^A, ^T, 
where A is any TC^ formula, and the following derivation rules: 

Weaken-left: From the sequent T — > A we may infer the sequent T,A — > A. 

Weaken-right: From the sequent T — > A we may infer the sequent T — > A, A. 

Exchange- left: From the sequent ri,^i,^2)r2 — > A we may infer the sequent 

ri,^2,^i,r2 ^ A. 

Exchange-right: From the sequent T — > Ai, ^1,^2)^2 we may infer the sequent T — ?■ 
Ai,^2,^l, A2. 

Contract-left: From the sequent F,^,^ — > A we may infer the sequent T,A — > A. 
Contract-right: From the sequent F — > A, A, A. we may infer the sequent F — > A, IS.. 
-i-left: From the sequent F — > A, A we may infer the sequent F, -^A — > A. 
-i-right: From the sequent T,A — > A we may infer the sequent F — > -lyl, A. 
All-left: From the sequent ^i, . . . , j4„, F — > A we may infer the sequent Th„Ai . . . A„, F — > 
A. 

All-right: From the sequents F — > j4i, A, . . . , F — > An,/S. we may infer the sequent F — > 
JKAi . . . An, IS. 

One-left: From the sequents Ai,T — > A, . . . ,Ai,F — > A we may infer the sequent 
J\mAi . . . An,T ^ A. 

One-right: From the sequent F — > y4i,...,A„,A we may infer the sequent F — > 
ThiAi...A„,A. 

Thj-left: From the sequents Thjj42 . . . j4„, F — > A and Thj_iA2 . . . A„, Ai, F — > A we may 

infer the sequent ThjAi . . . F — > A. 
Thj-right: From the sequents F — > ThjA2 . . . Ai, A and F — > Thj_ij42 . . . An, A we may 

infer the sequent F — > ThjAi . . . An, A. 
Cut: From the sequents F — > A, A and F, A — > A we may infer the sequent F — > A, 

for arbitrary TC^ formulas A-i and sets F, A ofTC^ formulas. The intended meaning ofV — > A 
is that the conjunction of the formulas in F implies the disjunction of the formulas in IS.. A 
TC^-frege proof of a formula if is a sequence of sequents vr = (5*1, . . . , Sk) such that Sk = — > ^ 
and every sequent in it is either an axiom or was derived from previous lines by a derivation rule. 
The size of the proof vr is the total size of all formulas in its sequents. The depth of the proof vr 
is the maximal depth of a formula in its sequents. A TC^ -Frege proof of a family of formulas 
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{tpi : f G N} is a family of sequences {{S\, . . . , 5^^) : i G N}, where each Sj is a TC^ formula 
that can be derived from some for k < j using the above rules, such that S^^i = — > ipi, 
and there is a common constant c bounding the depth of every formula in ah the sequences. 

Proposition 2.5 The proof system TC^ -Frege is sound and complete. That is, every formula 
A proven in the above way is a tautology and every tautology can be derived by proofs in the 
above sense. 

Definition 2.6 (Polynomial simulation; separation) Let P,Q be two propositional proof 
systems that establish Boolean tautologies (or refute unsatisfiable Boolean formulas, or refute 
unsatisfiable CNF formulas). We say that P polynomially simulates Q if there is a polynomial- 
time computable function f such that given a Q-proof of t outputs a P -proof of t. If P does not 
polynomially simulate Q or vice versa we say that P is separated from Q. 

(Sometimes it is enough to talk about weak polynomial simulations: we say that a proof 
system P weakly polynomially simulates the proof system Q if there is a polynomial p such that 
for every propositional tautology r, if the minimal Q-proof of r is of size s then the minimal 
P-proof of T is of size at most p{s). We also say that P is separated from Q when Q does not 
polynomially simulates Q; but in most cases it also holds that Q does not weakly polynomially 
simulates P.) 

For a possibly partial {0, 1} assignment a to the propositional variables, we write '^[a] to 
denote the formula ip in which propositional variables are substituted by their values in a. For 
a proof TT = (931, . . . ,Lpi) we write 7r[a] to denote vr = (<y9i[a], . . . ,Lpi[d]). The system TC'^-Frege 
can efficiently evaluate assignments to some of the variables of formulas in the following sense. 

Claim 2.7 Let (p{p, q) be a propositional formula in variables pi . . .pmi o.nd qi . . . o,nd let 
a € {0, Ij^i . IfTC^-Frege proves ip{p, q) with a proof vr^ of length n, then it also proves ip{a, q) 
in a proof vr^pj of length n. Additionally, for any formula (p{p) in variables pi . . .pmi o.nd an 
assignment a G {0, 1}™^, TC^-Frege has polynomial size proofs of either ip[a] or —iip[a]. 

Proof sketch: Consider with vr^ and substitute each occurrence of pi by a^. The resulting proof 
remains correct and proves ip{a,q), because every TC^-Frege rule application is still correct 
after the assignment. 

The second claim is proved by induction over the complexity of ip. If ip[a] is true we can con- 
struct a proof by proving the (substitution instances of the) atomic formulas and then proceeding 
using the appropriate rules of the calculus by the way the formula is built up. 

If ip[a] is false, then we proceed in the same way as above with -^(p[a] instead of ip[a]. ■claim 

3 Theories of bounded arithmetic 

In this section we give some of the necessary background from logic. Specifically, we present 
the theory V*^ and its extension VTC^, as developed by Cook and Nguyen [17] (see also [42]). 
These are weak systems of arithmetic, namely, fragments of Peano Arithmetic, usually referred 
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to as theories of Bounded Arithmetic (for other treatments of theories of bounded arithmetic 
see also [12, 28, 33]). The theories are (first-order) two-sorted theories, having a first sort for 
natural numbers and a second sort for finite sets of numbers (representing bit-strings via their 
characteristic functions). The theory V'' corresponds (in a manner made precise) to bounded 
depth Frege, and VTC^ corresponds to TC^-Frege (see Section 3.2.5). The complexity classes 
AC'^, TC^, and their corresponding function classes FAC'^ and FTC'^ are also defined using 
the two-sorted universe (specifically, the first-ordered sort [numbers] are given to the machines 
in unary representation and the second-sort as binary strings). 

Definition 3.1 (Language of two-sorted arithmetic C\) The language of two-sorted 
arithmetic, denoted C\, consists of the following relation, function and constant symbols: 

{ + ,-,<, 0,1, 1 |,=i,=2,G}. 

We describe the intended meaning of the symbols by considering the standard model N2 
of two-sorted Peano Arithmetic. It consists of a first-sort universe J7i = N and a second-sort 
universe U2 of all finite subsets of N. The constants and 1 are interpreted in N2 as the 
appropriate natural numbers zero and one, respectively. The functions + and • are the usual 
addition and multiplication on the universe of natural numbers, respectively. The relation < is 
the appropriate "less or equal than" relation on the first-sort universe. The function [-I maps a 
finite set of numbers to its largest element plus one. The relation =1 is interpreted as equality 
between numbers, =2 is interpreted as equality between finite sets of numbers. The relation 
n & N holds for a number n and a finite set of numbers if and only if n is an element of N. 

We denote the first-sort (number) variables by lower-case letters x,y,z,..., and the second- 
sort (string) variables by capital letters X,Y, Z, .... We build formulas in the usual way, using 
two sorts of quantifiers: number quantifiers and string quantifiers. A number quantifier is said 
to be bounded if it is of the form 3x{x < t A . . .) or \/x{x < t — )■ . . . ), respectively, for some 
number term t that does not contain x. We abbreviate 3x{x < t A . . .) and \/x{x < i —)■... ) 
by 3x < t and Vx < t, respectively. A string quantifier is said to be bounded if it is of the 
form 3X(|X| < t A . . .) or VXdXl < t — )■ . . . ) for some number term t that does not contain 
X. We abbreviate 3X{\X\ < t A ...) and VA(|X| < t . . .) by 3X < t and yX < t, 
respectively. A formula is in Tjq or Hq if it uses no string quantifiers and all number quantifiers 
are bounded. A formula is in S^-^ or 11^-^ if it is of the form 3Xi < ti . . . 3Xm < imV' or 
\/Xi < ti . . .\/Xm < tmtp, where ip € 11^ and Tp G S^, respectively, and ti does not contain Xi, 
for all i = 1, . . . , m. We write VS^ to denote the universal closure of Hq. (i.e., the class of 
E^-formulas that possibly have (not necessarily bounded) universal quantifiers in their front). 
We usually abbreviate t £ T, for a number term t and a string term T, as T{t). 

For a language C 5 C\ we write Tjq{C) to denote formulas in the language C. 

As mentioned before a finite set of natural numbers represents a finite string Sn = 
Sj^ . . . sj,^' ^ such that Sj^ = 1 if and only if i £ N. We will abuse notation and identify N and 
Sn- 

In the context of a proof in the theory, we write n'^ to mean the term n - ■ ■ n. 
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The (first-order) two-sorted proof system LK^. For proving statements in the two-sorted 
theories we need to specify a proof system to work with (this should not be confused with the 
propositional proof system we use) . We shah work with a standard (two sorted) sequent calculus 
LK^ as defined in [17], section IV.4. This sequent calculus includes the standard logical rules of 
the sequent calculus for first-order logic LK augmented with four rules for introducing second- 
sort quantifiers. We also have the standard equality axioms (for first- and second-sorts) for the 
underlying language £^ (and when we extend the language, we assume we also add the equality 
axioms for the additional function and relation symbols). It is not essential to know precisely the 
system LK^ since we shall not be completely formal when proving statements in the two-sorted 
theories. 

3.1 The theory V° 

The base theory we shall work with is V'' and it consists of the following axioms: 



Basic 1. X + 1 7^ Basic 2. x + l = y + l^x = y 

Basic 3. X + = X Basic 4. x + {y + 1) = {x + y) + I 

Basic 5. X • = Basic 6. x ■ {y + I) = {x ■ y) + x 

Basic 7. {x<yAy<x)^x = y Basic 8. x < x + y 

Basic 9. < X Basic 10. x < y V y < x 
Basic 11. x<y^x<y + l Basic 12. x ^ ^ 3y < x{y -I- 1 = x) 

LI. X{y) ^y <\X\ L2. y + 1 = \X\ ^ X{y) 

SE. {\X\ = |y| A V? < \X\ {X{i) o Y{i))) ^X = Y 
E^-COMP. 3X < y^z < y{X{z) ^ if{z)) , for all v? G 

where X does not occur free in ip . 



Here, the Axioms Basic 1 through Basic 12 are the usual axioms used to define Peano Arith- 
metic without induction (PA~), which settle the basic properties of addition, multiplication, 
ordering, and of the constants and 1. The Axiom LI says that the length of a string coding 
a finite set is an upper bound to the size of its elements. L2 says that \X\ gives the largest 
element of X plus 1. SE is the extensionality axiom for strings which states that two strings are 
equal if they code the same sets. Finally, S^-COMP is the comprehension axiom scheme for 

formulas (it is an axiom for each such formula) and implies the existence of all sets which 
contain exactly the elements that fulfill any given property. 

When speaking about theories we will always assume that the theories are two-sorted theo- 
ries. 



Proposition 3.2 (Corollary V.1.8. [17]) The theory V*^ proves the (number) induction ax- 

B 


($(0) A Vx ($(x) ^ $(x + 1))) ^ yz<l>{z) 



iom scheme for T,q formulas <I>; 
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In the above induction axiom, x is a number variable and can have additional free variables 
of both sorts. 

The following is a basic notion needed to extend our language we new function symbols (we 
write 3!y<I> to denote 3x{^{x) f\\/y{^{y / x) x = y)), where y is a new variable not appearing 
in $): 

Definition 3.3 (Two-sorted definability) Let T be a theory over the language C 5 £^ and 
let ^ be a set of formulas in the language C A number function f is ^-definable in a theory T 
iff there is a formula ip{x,y,X) in ^ such that T proves 

yx\/X3\yip{x, y, X) 

and it holds that^ 

y = f{x,X)^^{x,y,X). (3) 

A string function F is ^-definable in a theory T iff there is a formula (p{x, X , Y) in $ such that 
F proves 

yxiX3lYyD{x,X,Y) 

and it holds that 

Y = F{x,X) ^ (p{x,X,Y). (4) 

Finally, a relation R{x,X) is ^-definable in a theory T iff there is a formula {p{x, X ,Y) in ^ 
such that it holds that 

R{x,X) ^ ip{x,X). (5) 
The formulas (3), (4), and (6) are the defining axioms for f , F, and R, respectively. 

Definition 3.4 (Conservative extension of a tiieory) Let T be a theory in the language C 
We say that a theory T' T^T in the language C ^ C is conservative over T if every C formula 
provable in T' is also provable in T. 

We can expand the language C and a theory T over the language C by adding symbols 
for arbitrary functions / (or relations R) to £ and their defining axioms Aj (or Ar) to the 
theory 7~. If the appropriate functions are definable in T (according to Definition 3.3) then the 
theory F + Af (+^4^) is conservative over F- This enables one to add new function and relation 
symbols to the language while proving statement inside a theory; as long as these function and 
relation symbols are definable in the theory, every statement in the original language proved 
in the extended theory (with the additional defining-axioms for the functions and relations) is 
provable in the original theory over the original language. However, extending the language 
and the theory in such a way does not guarantee that one can use the new function symbols in 
the comprehension (and induction) axiom schemes. In other words, using the comprehension 
(and induction) axioms over the expanded language might not result in a conservative extension. 
Therefore, definability will not be enough for our purposes. We will show precisely in the sequel 
(Sections 3.1.2 and 3.2) how to make sure that a function is both definable in the theories 

^Meaning it holds in the standard two-sorted model N2. 
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we work with and also can be used in the corresponding comprehension and induction axiom 
schemes (while preserving conservativity) . 

When expanding the language with new function symbols we can assume that in bounded 
formulas the bounding terms possibly use function symbols from the the expanded language.^ 

3.1.1 Extending V*^ with new function and relation symbols 

Here we describe a process (presented in Section V.4. in [17]) by which we can extend the 
language £^ of V'^ by new function symbols, obtaining a conservative extension of V'' that can 
also prove the comprehension and induction axiom schemes in the extended language. 

First note that every relation or function symbol has an intended or standard interpretation 
over the standard model N2 (for instance, the standard interpretation of the binary function 
"+" is that of the addition of two natural numbers). If not explicitly defined otherwise, we will 
always assume that a defining axiom of a symbol in the language defines a symbol in a way 
that its interpretation in N2 is the standard one. Note also that we shall use the same symbol 
F{x, X) to denote a function and the function symbol in the (extended) language in the theory. 

Definition 3.5 (Relation representable in a language) Let ^ be a set of formulas in a 
language C extending L\. We say a relation R{x,X) is representable by a formula from $ iff 
there is a formula (p{x, X ,Y) in <I> such that in the standard two-sorted model N2 (and when all 
relation and function symbols in C get their intended interpretation), it holds that: 

R(x,X) ^ ip{x,X). (6) 

We say that a number function f{x,X) is polynomially-bounded if f{x,X) < poly(x, \X\). We 
say that a string function F{x,X) is polynomially-bounded if \F{x,X)\ < poly(x, \X\). 

Definition 3.6 (Bit-definition) Let F{x, X) be a polynomially-bounded string function. We 
define the bit-graph of F to be the relation R{i,x,X), where i is a number variable, such that 

F{x, X){i) o i < t{x, X) A R{i, x, X), 

for some number term t{x, X). 

Definition 3.7 (S^-definability from a language; Definition V.4.1.2. in [17]) We say 

that a number function f is "Eq -definable from a language C 5 C\, if f is polynomially-bounded 
and its graph is represented by a S^(£) formula ip. We call the formula ip the defining ax- 
iom of /. We say that a string function F is T,q -definable from a language C 5 C\, if F 
is polynomially-bounded and its bit-graph is representable by a S^(£) formula ip. We call the 
formula <p the defining axiom of F or the bit-defining axiom of F. 

■^Because any definable function in a bounded theory can be bounded by a term in the original language £.\ 
(cf. [17]). 
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Note: We used the term defining axiom of a function f in both the case where / is defined 
from a language (Definition 3.7) and in case / is definable in the theory (Definition 3.3). We will 
show in the sequel that for our purposes these two notions coincide: when we define a function 
from a language the function will be definable also in the relevant theory, and so the defining 
axiom of / from the language will be the defining axiom of / in the theory (when the theory is 
possibly extended conservatively to include new function symbols). 

Also, note that if the graph of a function F is representable by a T,q{C) formula then clearly 
also the bit-graph of F is representable by a T,q(C) formula. Therefore, it suffices to show a 
Tiq{C) formula representing the graph of a function F to establish that F is Tjq -definable from 
C. 

Definition 3.8 (AC°-reduction) A number function f is AC'^-reducible to £ 5 C\ iff there 
is a possibly empty sequence of functions Fi,...,Fk such that Fi is T,q -definable from CU 
{Fi, . . . , for any i = 1, . . . ,k, and f is Hq -definable from C U {Fi, . . . , Fk}. 

We now describe the standard process enabling one to extend a theory T 5 V*^ over the 
language C\ with new function symbols obtaining a conservative extension of F such that the 
new function symbols can also be used in comprehension and induction axiom schemes in the 
theory (see Section V.4. in [17] for the proofs): 

(i) If the number function / is S^-definable from C\, then T over the language C\ U {/}, 
augmented with the defining axiom of /, is a conservative extension of T and we can also 
prove the comprehension and induction axioms for S^(/) formulas. 

(ii) If the string function F is S^-definable from C\, then T over the language C\ U {F}, 
augmented with the bit-defining axiom of F, is a conservative extension of T and we can 
also prove the comprehension and induction axioms for S^(F) formulas. 

(iii) We can now iterate the above process of extending the language C\{f) (or equivalently, 
C\{F)) to conservatively add more functions /2, /s, . . . to the language, which can also be 
used in comprehension and induction axioms. 

By the aforementioned and by Definition 3.8, we can extend the language of a theory with 
a new function symbol /, whenever f is AC^ -reducible to C\. This results in an extended 
theory (in an extended language) which is conservative, and can prove the comprehension and 
induction axioms for formulas in the extended language. In the sequel, when defining a new 
function in V'' we may simply say that it is T,^ -definable (or bit-definable) in \^ and give its 
E^-defining (bit-defining, respectively) axiom (that can possibly use also previously S^-defined 
(or bit defined) function symbols). 

Extending the language of V'' with new relation symbols is simple: every relation i?(x, X) 
which is representable by a T,q{C) formula, where C is an extension of the language with new 
function symbols obtained as shown above, can be added itself to the language. This results in 
a conservative extension of that also proves the induction and comprehension axioms in 
the extended language. 

Definition 3.9 (FAC*^) A string (number) function is in FAC*^ if it is polynomially-bounded 
and its bit-graph (graph, respectively) is definable by a formula in the language C\. 
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3.1.2 Basic formalizations in V° 

In this section we show how to formahze basic notions in the theory V*^. 

Characteristic function of a relation. For a given predicate R we denote by XR t^is char- 
acteristic function of R. If R is S^-definable in V" then XR is S^-definable in V*^, using the 
following defining axiom: 

y = XR{x,X) o (^Rix,X)^y = lA^R{x,X)^y = 0^ . 

Natural number sequences of constant length. For two numbers x, y let {x, y) := (x + 

y){x + y + 1) + 2y be the pairing function, and let left{z), right{z) be the (easily S^-definable in 
V*^) projection functions of the first and second element in the pair z, respectively. It should be 
clear from the context when we mean (a, b) as an inner product of two vectors and when we mean 
it as the pairing function. We also S^-define inductively (t^i, . . . , Vk) := ((wi, . . . , Ufc-i), "^fc), for 
any constant k. Then V*^ proves the injectivity of the pairing function and lets us handle such 
pairs in a standard way. 

Notation: Given a number x, coding a sequence of natural numbers of length fc, we write {x)^, 
for i = 1, . . . , fc, to denote the number in the ith. position in x. This is a E^-definable function 
in V*^ (defined via left{x) , right{x) functions). 

Rational numbers. Given the natural numbers, we can define the integers in V'' by identify- 
ing an integer number with a pair (a, b) , such that a is its "positive" part and b is its "negative" 
part. We can define addition, product and subtraction of integers. All with T,q definitions. 

Having the integer numbers, we define the rational numbers as follows: for two integer 
numbers a,b, the rational number a/b, is defined by the pair (a, 6). We can define addition, 
subtraction and multiplication of rational numbers in V'' by definitions. (See for example in 
[37]). However, we shall take a simpler path in this paper: throughout this paper, all rational 
numbers used inside the theories have the same denominator n^'^ , for some fixed 
constant c. This enables us to represent every rational number with a pair of integer numbers, 
such that each has a value polynomial in n. Addition and multiplication of two rational numbers 
is also S^-definable in V*^. This also makes it more convenient to sum a non-constant number of 
rational numbers in VTC^ (see Proposition 3.16). To keep the invariant that all denominators 
are n^*^, we then make sure that all the rational numbers resulting from computation in the 
proof in the theory are indeed integer products of This will hold since by inspection of 

the computations made in the theory it will be clear that: 

1. all initial rational numbers will be integer products of 

2. all arithmetic operations done on rational numbers are one of the following: 

(a) addition of two rational numbers (this preserves the denominator); 

(b) if we multiply two rational numbers x, y then x = and y = for some two 
integers a, b, and so x ■ y = will have n^'^ as a denominator. 
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Convention: For the sake of readability we sometimes treat an integer number m in the theory 
as its corresponding rational number m/1, thus enabling one to compute with both types. (This 
is easy to achieve formally. E.g., one can define a function numones' {X) that outputs the 
corresponding rational number of the integer numones (X).) 

Absolute numbers. We can S^-define in V° the absolute value function for integer numbers 
absz{-) from the language C\ as follows (the function max is easily S^-definable): 



We Sq -define the absolute value function for rational numbers absQ{-) in V'^ as follows: 



For simplicity, we shall suppress the subscript Z,Q in absz, absQ] the choice of function can 
be determined from the context. 

Number (natural, integers and rational) sequences of polynomial length. If we wish 
to talk about sequences of numbers (whether natural, integers or rationals) where the lengths 
of the sequences are non-constant, we have to use string variables. Using the number tupling 
function we can encode sequences as sets of numbers (recall that a string is identified with the 
finite set of numbers encoding it). Essentially, a sequence is encoded as a string Z such that the 
xth number in the sequence is y if the number {x, y) is in Z. Formally we have the following 
E^-defining formula for the function seq{x, Z): 



Formula (7) states that the xth element in the sequence coded by Z is y iff {x, y) is in Z and 
no other number smaller than y also "occupies the xth position in the sequence" , and that if no 
number occupies position x then the function returns the length of the string variable Z. We 
write Z[x\ to abbreviate seq{x,Z). 

According to the definition of the function seq{x, Z) above, there might be more than one 
string Z that encodes the same sequence of numbers. However, we sometimes need to determine 
a unique string encoding a sequence. To this end we use a formula, denoted SEQ{y, Z), 
which asserts that Z is the lexicographically smallest string that encodes a sequence of y + 1 
numbers (i.e., no string with smaller binary code encodes the same sequence). Specifically, the 
formula states that if w = is in Z then j is indeed the ith element in the sequence coded 
by Z, and for all y > j the pair {i, y) is not contained in Z: 



y = absz{x) ^ y = {max{left{x) — right{x), right{x) — left{x)),0). 



y = absQ{x) ^ y = {absi{left{x)),{n "^,0)). 



y = seq{x, Z) ^ {y < \Z\ A Z((x, y)) A Vz < y-Z((x, z))) 
V (Vz < |ZhZ((x, z)) ^y = \Z\). 



(7) 



SEQ{y,Z) = yw < \Z\ {Z{w) ^ 3i < y3j < \Z\ {w = A j = Z\i])) . 



(8) 
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Note that elements of sequences Z coded by strings are referred to as ^[i], while elements of 
sequences x coded by a number are referred to as (x)\ (for k the length of the sequence x). We 
define the number function length{Z) to be the length of the sequence Z, as follows: 

£= length{Z) o SEQ{l,Z)h3w < \Z\3j < \Z\{Z{w)Aw = {£-l,j)). 

The defining axiom of length{Z) states that Z encodes a sequence and is the lexicographically 
smallest string that encodes this sequence and that the largest position in the sequence which 
is occupied is ^ — 1 (by definition there will be no pair {a,b) & Z with a > i — 1). 

Array of strings. We want to encode a sequence of strings as an array. We use the relation 
Row Array {x, Z) to denote the xth string in Z as follows (we follow the treatment in [17], 
Definition V.4.26, page 114). 

Definition 3.10 (Array of strings) The function Row Array {x, Z), denoted Z^^^, is E^- 
definable in V'^ using the following bit- definition:^ 

RowArray{x,Z){i) o (i < \Z\ AZ{{x,i))). 

We will abuse notation and write length{Z) for the length of the array Z (i.e., numbers 
of strings in Z) even when Z is a RowArray (and not a sequence according to the predicate 
SEQ). 

Functions for constructing sequences. 

Definition 3.11 {Sequencej{y, x, X)) Let f{z, x, X) be a Tjq -definable number function in V*^ 
(or a Tif -definable number function in VTC^ [see section 3.2 below]), then Sequencej{y,x,X) 
is the string function T^q -definable in "V^ (or Tif -definable in VTC^, respectively) that returns 
the number sequence whose jth position is f{j, x, X), for j = 0, . . . ,y. 

In other words. Sequence j {y, x, X) returns the graph of the function f{z,x,X) up to y 
(that is, the sequence {f{0,x,X),...,f{y,x,X))). The following is the S^-definition of the 
SequencCf^y, x, X): 

Y = Sequencef{y,x,X) o SEQ{y,Y) A Vz <y{Y[i] = f{z,x,X)). 

Sequences of numbers with higher-dimensions. For a constant k, let S be a A;- 
dimensional sequence of rational numbers. We encode a sequence 5 as a string variable Z such 
that the {ii, . . . ,ik)th element in 5 is extracted by the function seq (defined above). Specif- 
ically, we have S[{ii, . . . ,ik)] = y iff {{ii, . . . ,ik),y) G Z and there is no z < y for which 
{{ii, . . . ,ik), z) £ Z. Accordingly, we write Z[ii, . . . ,ik] to abbreviate seq{{ii, . . . , i^), Z). 

''We use the name "RowArray" (instead of the name "Row" used in [17]). 
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Matrices. Given a rational n x n matrix M, we define it as a two-dimensional sequence in 
the manner defined above; and refer to the number at row 1 < i < n and column 1 < j < n 
of M as M[i,j]. We can define the string function that extracts the xth row of Af, and the 
xth column of M, respectively, with formulas as follows. First define f{M,i,x) := M[i,x], 
g{M, i, x) := M[x, i], for any i = 0,1, . . . ,n (for i = 0, the value of M[i, x] and M[x, i] does not 
matter; but this value is still defined by definition of the function seq). Then use Definition 3.11 
to define: 

Row{i,M) := Sequencef{i,n) 
Column{i,M) := Sequence g{i,n) . 

3.2 The theory VTC^ 

It is known that V'^ is incapable of proving basic counting statements. Specifically, it is known 
that the function that sums a sequence of numbers (of non-constant length) is not provably 
total, namely, is not S^-definable in V''. Therefore, if a proof involves such computations we 
might not be able to perform it in V". The theory VTC^ extends V^, and is meant to allow 
reasoning that involves counting, and specifically to sum a non-constant sequence of numbers. 
The theory VTC^ was introduced in [38]; we refer the reader to Section IX. 3. 2 [17] for a full 
treatment of this theory. The theorems of VTC^ correspond to polynomial-size TC'^-Frege 
prepositional proofs, which will enable us to prove the main result of this paper. 

Definition 3.12 (NUMONES) Let Smuiv, X, Z) be the following formula: 

5num (y, X,Z):= SEQiy, Z) A Z[0] = A^u < y{{X{u) ^ Z[u + 1] = Z[u] + 1) 

A (-X(u) ^ Z[u + 1] = Z[u])). 

Define NUMONES to be the following Tjf formula: 

NUMONES ■.= 3Z <l + {y,y)SmM{y,X,Z). (10) 

Informally one can think of the sequence Z{X), which existence is guaranteed by NUMONES, 
as a sequence counting the number of ones in a string X, that is, the uth entry in Z{X) is the 
number of ones appearing in the string X up to the uih. position. 

Definition 3.13 {VTC^) The theory VTC^ is the theory containing all axioms ofV^ and the 
axiom NUMONES. 

Using NUMONES we can define the function numones{y, X) that, given y and X, returns 
the yth entry of Z{X) via the following S^-defining axiom 

numones{y,X) = z O 3Z < 1 + {\X\ ,\X\) {6mM{\X\ , X, Z) A Z[y] = z) . (11) 

We shall use the following abbreviation: 

numones[X) := numones{\X\ — 1,X). 

Next we show how to obtain the functions we will use in the theory VTC^ (these will include 
the function numones). 
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3.2.1 Extending FTC" with new function and relation symbols 

Similar to the case of V'' , we would like to extend the language £^ of VTC^ with new function 
and relation symbols, to obtain a conservative extension. Moreover, we require that the new 
function and relation symbols could be used in induction and comprehension axioms (while 
preserving conservativity) . We can do this, using results from Sections I.X.3.2 and I.X.3.3 in 
[17], as follows. 

Definition 3.14 (Number summation) For any number function f{z,x,X) define the num- 
ber function sumf{y,x,X) by^ 



Recall that by Definition 3.7, a string (number) function F is T,q -definable from C ^ £^ iff 
there is a T,q formula over the language C that bit-defines (defines, respectively) the function F 
(when all the functions and relation symbols in C get their intended interpretation). 

We can use the following facts to extend the language of VTC^ with new function symbols 
(proved in Section IX. 3. 2 in [17]): if / is a (number or string) function in FTC*^ (see below), 
then there is a formula if that represents its graph, and the theory VTC^ extended with 
the defining axiom for / (using y?, as in Definition 3.7) over the language C = C\ U {/} is a 
conservative extension of VTC^. And by Theorem IX. 3. 7 in Section IX. 3. 2 [17], VTC^ can 
prove the induction and comprehension axioms for any S^(£) formula. 

Thus, to extend VTC° with new function symbols, by the above it suffices to show how 
to obtain FTC^ functions. For this we use the following equivalent characterizations of FTC" 
(see Sections IX. 3. 2 and IX. 3. 3 in [17]): 

Proposition 3.15 (Theorem IX. 3. 12, Proposition IX. 3.1 in [17]) The following state- 
ments are equivalent: 

1. The function f is Y^f -definable in VTC^ , and is applicable inside comprehension and 
induction axiom schemes. 

2. The function f is in FTC°. 

3. The function f is obtained from FAC*^ by number summation and KC^ -reductions. 

4- There exist a natural k and functions fi, ■ ■ ■ , fk = f such that for every i = 1, . . . ,k, the 
function fi is either definbale by a formula in the language £^U{/i, . . . , fi-i} or there 
exists h G C\ U {/i, . . . , fi^i\ such that fi = sum^,. 

5. The function f is AC^ -reducible to C\ U {numones}. 

^Note that this is a definition in the metatheory (or in other words the standard two-sorted model). 



y 




i=0 
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Therefore, to obtain new FTC functions, and hence to extend conservatively the language 
of VTC^ with function symbols that can also be used in comprehension and induction axioms, 
we can define a function with a formula in a language that contains sumj, for / in FAC*^, and 
possibly contains also other symbols already definable in V*^. Then, we can iterate this process 
a finite number of times, where now sum^ is defined also for / being a function defined in a 
previous iteration. Since a function is in FTC° iff it is Sf -definable in VTC°, new functions 
obtained in this way, are said to be T,f -definable in VTC^. 

To extend the language of VTC^ with new relation symbols, we can simply add new E^- 
definable relations, using possibly relation and function symbols that where already added before 
to the language, and specifically the numones function. Such relations can then be used in 
induction and comprehension axioms, and we shall say that they are Yiq -definable relations in 
VTC^. 

3.2.2 Summation in VTC^ 

Here we show how to express and prove basic equalities and inequalities in the theory VTC^ . 

Summation over natural and rational number sequences. Given a sequence X of nat- 
ural numbers, we define the function that sums the numbers in X until the yth position by 
sumseqiViX) which is equal to Yl\=Q^^^i}i^)- 

To sum sequences of rational numbers, on the other hand, we do the following. For our 
purposes it is sufficient to sum many small (that is, polynomially bounded) numbers (this is in 
contrast to additions of numbers encoded as strings). Recall that we assume that all rational 
numbers in the theory have the same denominator n^'^, for some global constant c, independent 
of n. 

Proposition 3.16 Let X be a sequence of rational numbers with denominator n^^ and let 
suniQ^z, X) be the number function that outputs X^^^^q^W' Then, the number function 
sumQ{z,X) is Tif -definable in VTC^ . 

Proof: It suffices to show that there is a formula that defines the number function 
sumQ{z,X) using only number summation functions and FAC*^ functions. 

The AC*^ function seq{i, X) extracts the ith element (that is, rational number) from the 
sequence X (see Formula (7)). A rational number is a pair of integers, and hence is a pair of 
pairs. Thus, gp{i,X) := left{left{seq{i, X))) extracts the positive part of the integer numerator 
of the ith rational number in X, and gn{i,X) := right{left(seq{i, X))) extracts the negative part 
of the integer numerator of the ith rational number in X. Note that both gp{i, X) and gn{i, X) 
are FAC'^ functions. Therefore, surogp^z, X) equals the sum of all the positive parts in X, and 
sumg„(z, X) equals the function that sums of all the negative parts of the numerators in X. We 
can now define sumQ{z, X) as follows: 

w = sumQ{z,X) ^ w = {{sumgp{z,X),5umgn{z,X)) , {n'^'',0)) (12) 

Note indeed that {{sum gp{z, X), sum gn{z, X)) ,(n^'^,0)) is a pair of integers that encodes the 
desired rational number (with denominator n^*^). ■ 
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Notation: As a corollary from Proposition 3.16, we can abuse notation as follows: for f(y, x, X) 
a number function mapping to the rationals we write sumj(n, x, X) to denote the sum of rationals 
X]r=o /(^' some fixed x, X and n. Abusing notation further, we can write in a formula 

in the theory simply X^^^o /(^' "^)- 

Expressing vectors and operations on vectors. Vectors over Q are defined as sequences 
of rational numbers (for simplicity we shall assume that the number at the position of a vector 
is 0). Given two rational vectors v,u of size n, their inner prduct, denoted (v, u), is defined 
as follows (we identify here v, u with the string variables encoding v,u): let /(y,v,u) be the 
FAC*^ number function defined by f{y) := v[y] • u[y]. Then the inner product of v and u is 
defined by 

innerprod{\r , u) := sumq (^length{\r) + 1, Sequence j{length{w) + 1)) . 

The function that adds two rational vectors is easily seen to be in FAC*^ (use Definition 3.11 
to construct a sequence, where each entry in the sequence is the addition of the corresponding 
entries of the two vectors). 

Expressing product of matrices and vectors. Let v be an n-dimensional rational vector 
and let M be an n x n rational matrix. Assume that /(z, M, v) := innerprod{Ro'w{z, M),\r). 
We Sf -define in VTC'^ the product Mv as follows: 

Matvecprod^Mjv) := Sequence f{length{^r) + 1, Af, v) . 

Notation: When reasoning in the theory VTC^ we sometimes abuse notation and write v • u 
or (v, u) instead of innerprod{u,v), and Mv instead of Matvecprod{M,v), and u*Mv instead 
of (u,Mv). 

3.2.3 Counting in VTC° 

Here we present basic statements involving counting of certain objects and sets, provable in 

Notation: When reasoning in the theory VTC^, we will say that a family of S^-definable in 
VTC^ sets Bq, . . . , Bi forms a partition o/ U^^g := {r : 3i < £,Bi{r)} whenever VTC^ 
proves that (i) (JLo = ^nd (ii) Bi n Bj = 0, for allO < i ^ j < £. 

Proposition 3.17 (Some counting in VTC^) Let Bi, . . . , B^ be family of T,q -definable sets 
in VTC^ that partition the set B (£ may be a variable). Then, VTC^ proves: 

e 

numones{B) = numones{Bi) . 

i=l 
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Proof: We proceed by induction on I to show that for every < y < max{i?i, . . . , B^: 

I 

i{y,BiU . . .U Bi) = numones{y, Bi). 



numones(^^ 

i=l 



Base case: i = 1. Thus, B = Bi and so we need to prove only numones{y, Bi) = 
^i=i numones{y,Bi). Since VTC^ proves that a summation that contains only one summand 
Bi equals Bi we are done. 

Induction step: £ > 1. We have B = [Ji^i Bi = (IJi=i ^i) U-B^. Assume by way of contradiction 
that (U ■=! Bi)nBe / 0. Then VTC° can prove that this contradicts the assumption that 
Bi n Bj = 0, for all i ^ j (which holds since the i?i's form a partition of B). Hence, (Ui=i ^i) ^ 
Bi = 0, and by Claim 3.18 (proved below): 



numones{y, B) = numones{y, Bi) + numones{y, Bi) (13) 

i=l 

e-i 

= numones{y, Bi) + numones{y, Bi) (by induction hypothesis) (14) 

i=l 

e 

= numones{y, Bi). (15) 



1=1 



It remains to prove the following: 

Claim 3.18 (In VTC°) let A,B be two sets such that An B = (/>, then for all < y < 
max{|^|, \B\}: 

numones{y, AU B) = numones{y, A) + numones{y, B). 

Proof of claim: We proceed by induction on y, using the defining axiom of numones (stating 
the existence of a counting sequence for the input string variable; see Equations (11) and (9)). 

Base case: y = 0- The counting sequence Z for numones{A U B) is defined such that Z[0] = 0. 
Thus, 

= numones{0, AU B) = num.ones{0, A) + numones{0, B) =0 + = 0. 

Induction step: < y < max{|yl|, \B\}. By the defining axiom of numones we have: 

^ /t I I D^ ( numones{y-l,AuB) + l, y £ AU B; , , 

numones (y, A U B) = < ) ^ a -ni ,, ■ (16) 

[ numones[y — 1, AL) B), otherwise. 

We have to consider the following three cases: 
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Case 1: y £ A. Thus, by assumption that A and B are disjoint, we have y ^ B. Also, we have 
y S Ad B. Therefore: 



numones{y, A) + numones{y, B) 

= numones{y — 1, A) + 1 + numones{y, B) 
= numones{y — 1, ^) + 1 + numones{y — 1, B) 
= numones{y — \, Au B) + 1 
= numones{y, AU B) 



(since y £ A) 

(since y ^ B) 

(by induction hypothesis) 

(since y £ AUB). 



Case 2: y £ B. This is the same as Case 1. 

Case 3: y ^ AU B. This is similar to the previous cases. We omit the details, ■claim 



Proposition 3.19 (More counting in VTC ) Let ip{x) be a Sq formula (possibly in an ex- 
tended language of VTC^ ). The theory VTC^ can prove that if Z = {0 < i < m : if{i)} and 
for any < i < m, 

fa, (p{i); 
I b, ^^{i), 

then 

7i = a • numones{Z) + b ■ {m — numones{Z)). 

Proof: Since ^{x) is a formula, by Section 3.2.1, we can use the comprehension axiom 
scheme to define, for any < /c < m — 1, the set: 

Zk--= {i <k : Lp{i)} . 

The claim is proved by induction on k. 

Base case: k = 0. If ip{0) is true, then Zq = {0}, and so numones{ZQ) = 1. By assumption we 
have 7o = a = a • numones{ZQ) + 6 • (1 — numones{ZQ)). Otherwise, 93(0) is false and so Zq = 0, 
implying that numones{Zk) = 0. By assumption again we have 70 = 6 = a • numones{ZQ) + 
b{l — numones{Zo))- 

Induction step: k > 0. 

Case 1: ip{k) is true. Thus Zk{k) is true and also 

numones{Zk) = numones{Zk-i) + 1, (17) 
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and by assumption 7^ = a. Therefore, 

k k-l k-l 

^li = ^1i + 1k = ^li + a 

i=0 i=0 i=0 

= a ■ numones{Zj._i) + h ■ {k — \ — numones{Z^_i)) + a (by induction hypothesis) 

= a ■ {numones{Zk^i) + 1) + 6 • (A; — 1 — numones[Zk^i)) (rearranging) 

= a ■ numones{Zk) + b ■ {k — numones{Zk)) (by (17)). 

Case 2: f{k) is false. This is similar to Case 1. Specifically, Zi.{k) is false and also 

numones{Zk) = numones{Zk-i), (18) 

and by assumption 7^ = b. Therefore 

k k-l k-l 

^li = ^li+lk = ^li + b 

= a ■ numones{Zk-i) + h ■ {k — 1 — numones{Zk-i)) + b (by induction hypothesis) 

= a • numones{Zk-i) + h ■ {k — 1 — numones{Zk-i) + 1) (rearranging) 

= a ■ numones{Zk) + b ■ {k — numones^Z/^)) (by (18)). 



For a number term t, we write Vrr E [t] $ to abbreviate \/x < t{x > 1 — )• <!*). We shall use 
the following proposition in Section 5 (Lemma 5.8). 

Proposition 3.20 The theory VTC^ proves the following statement. Let F{x) be a string 
function. Let d < t be a natural number and assume that any number in any set F{1), . . . ,F{t) 
occurs in at most d many sets in F{1), . . . , F{t). Let g{x) be a number function such that 
g{l), . . . , g{t) are (not necessarily distinct) numbers with g{i) G F{i) for all i € [t]. Then 
numones{{g{i) : i G [t]}) > It/d]. 

Proof: Let \mg{g{x)) := {i : g{x) G F{i)} be a string function (it is S^-definable in V''). By 
assumption 

Vz € [t] {numones{\mg{g{z))) < d) . (19) 

Since for any i G [t], g{i) G F{i), we can prove in VTC^ that Uze[t] ''^§(5'(-^)) equals {1,2,..., t}, 
and so VTC^ proves: 



numones 



U \v^g{g{z))\ =t. (20) 

ze[t] 



Claim 3.21 (Under the assumptions of the proposition) VTC proves: 



numones 



\mg{g{z)) \ <d - numones{{g{i) : i G [t]}). 
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Proof of claim: The proof follows from (19), by induction on t. 
Base case: t = 1. We have 

numones{L)z^[t]\<T\g{giz))) = numones{\mg{g{l))) 

< d (by assumption) 

= d ■ numones{{g{l)}) 

= d ■ numones{{g{i) : i G [t]})- 



Induction step: 

Case 1: g{t) G {g{i) : i £ [t - 1]}. Thus, 

{g{i) : ie[t-l]} = {g{i) : i G [t]} and [J lmg(^(z)) = (J lmg(5(i)). (21) 

ie[t-~i] ie[t] 

Therefore, 

numones I lmg((7(i)) I = numones I lmg(5r(i)) 1 

< d ■ numones {{g{i) ■ i & [t — 1]}) (by induction hypothesis) 
= d- numones {{g{i) ■ i G [t]}) (by (21)). 



Case 2: g{t) {g(i) : i G [t - 1]}. Thus, 

numones{{g{i) : i £ [t — 1]}) + 1 = numones{{g{i) : i G [t]}. (22) 

We have 



numones 



\^ \mg{g{z)) I < numones \^ \mg{g{z)) I + numones (lmg(g(t))) 



and by induction hypothesis 



< d ■ numones {{g{i) ■ i G [t — 1]}) + numones {\mg{g{t))) 

< d- (numones {{g{i) : i G [t]}) — 1) + numones {\ir)g{g{t))) (by (22)) 

< d- (numones {{g{i) : i G [t]}) — 1) + d (by assumption) 
= d ■ numones {{g{i) : i G [i]}). 



■Claim 
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Thus, by Claim 3.21 and by (20), we get: 

t < d ■ numones{{g{i) : i £ [t]}), 

which leads to t/d < numones{{g{i) : i G [i]}), and since numones{{g{i) : i £ [t]}) is an 
integer number we get: 

[t/d] < \numones{{g{i) : i E [t]})] = numones{{g{i) : i € [t]})- 



3.2.4 Manipulating big sums in VTC 

We need to prove basic properties of summation (having a non-constant number of summands) 
like commutativity, associativity, distributivity, substitution in big sums, rearranging etc., in 
VTC^, to be able to carry out basic calculations in the theory. As a consequence of this 
section we will be able to freely derive inequalities and equalities between big summations (using 
rearranging, substitutions of equals, etc.) in VTC^ . 

Proposition 3.22 (Basic properties of sums in VTC^) In what follows we consider the 
theory VTC^ over an extended language (including possibly new -definable function symbols 
in VTC^ and their defining axioms). The function f{i) is a number function symbol mapping to 
the rationals or naturals (possibly with additional undisplayed parameters) . The theory VTC^ 
proves the following statements: 

Substitution: Assume that u{i),v{i) are two terms (possibly with additional undisplayed pa- 
rameters), such that u{i) = v{i) for any i <n, then 

n n 
i=0 1=0 

Distributivity: Assume that u is a term that does not contain the variable i, then 

u-j^f{i) = j2u-f{i). 

Rearranging: Assume that I = {0, . . . , n} and let Ii, . . . , I/^ be a definable partition of I (specif- 
ically, the sets Ii, . . . ,1^ are all T.^ -definable in VTC° and VTC° proves that the Ij 's 
form a partition of I). Then 

n k 

i=o j=i ieij 

where Xlie/ /(^) denotes the term X^'J!q ^ f{d{i)) where 6{i) is the function that enumer- 
ates (in ascending order) the elements in Ij. 
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Inequalities: Let g{i) be a number function mapping to the rationals or naturals (possibly with 
additional undisplayed parameters), such that f{i) < g{i) for all < i < n, then 

n n 
i=Q i=Q 

Proof: 

Substitution: When we work in the theory VTC^ we imphcitly assume that we have equality 
axioms stating that if t = t' , for any two terms t,t', then F{t) = F{t'), for any function F 
(inchiding functions F that are from the extended language of VTC^). Since we assume that 
f{i) is a S^-definable number function in VTC^, the function g(n) := X^iLo/(^) ^i' 
definable in VTC^, and so we also have the equality axiom for g{n). Thus, if u{i) = v{i), for 
any i < n, then we can prove also g{u{n)) = g[v[n)). 

Distributivity: This is proved simply by induction on n. We omit the details. 

Rearranging: Because Ii,. . . ,Ik are S^-definable sets in VTC^ we can define the family of 
sequences Si, . . . ,Sk, each of length n + 1 , such that 

otherwise. 

The theory VTC^ proves, by induction on n, that 

k n n 
j=l j=0 j=0 

For any j = 1, . . . , fc, we can Sf -define in VTC^ the function 5j : {0, . . . , — 1} — > {0, . . . , n} 
such that 6j{t) = z iff z is the {^ + l)th element in Ij (when the elements in Ij are ordered in 
ascending order). In other words, the Jj's functions enumerate the elements in Ij. 
We can now prove in VTC^ that 

from which, by Substitution (proved above), we can prove: 

k n k 

EE^^-w = E E M-w)- 

i=l i=Q i=l i=0 

Inequalities: This can be proved in VTC^ simply by induction on n. We omit the details. ■ 

All the equalities and inequalities which contain big summations that we will derive in the 
theory, can be proved using Proposition 3.22. We shall not state this explicitly in the text, but 
continue to derive such equalities and inequalities freely. 
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3.2.5 The relation between VTC^ and TC'^-Frege 

In this section we show how one can translate a formula if into a family of prepositional 
formulas [(/jJ. We then state the theorem showing that if the universal closure of a formula 
(f is provable in VTC^ then the propositional translation |<^| has a polynomial-size proof in 
TC°-Frege. 

Definition 3.23 (Propositional translation [ I of formulas) Let (p{x, X) be a for- 
mula. The propositional translation of ip is a family 



is true in the standard model N2 of two sorted arithmetic, where n denotes the nth numeral, for 
any n G N. 

For given m,n £ 'N we define fip} by induction on the size of the formula l^}m;n- W^e denote 
the value of a term t by val(t). 

Case 1: Let ip{x, X) be an atomic formula. 



• If ip{x,X) is Xi = Xj for i 7^ j, then (using the fact that contains the extensionality 
axiom SEJ instead of translating ip, we translate the \^ -equivalent formula 



Wi = {Mrn;n I G N} 



of propositional formulas in variables for every Xi £ X . The intended meaning is that [93] 
is a valid family of formulas if and only if the formula 




• If ^{x,X) zs T (or _L;, then {^1^,^^ := T (or L). 



• Ifp{x,X) is Xi = Xi, then Ipjr^^H '■= T. 



Xi\ = \Xj\A\/k < \X\ iXi{k) o Xj{k))). 



• If Lp{x,X) is ti{y, \Y\) = t2{z, \Z\) for terms ti,t2, number variables y,z and string vari- 
ables Y, Z, where yLlz = x and Y U Z = X , and m^ , and n^, re£ denote the corre- 
sponding assignments of numerals m,n to the y, z and Y, Z variables, respectively. Then 




• If (p{x, X) is ti{y, \Y\) < t2{z, \Z\) for terms ti,t2, number variables y, z and string vari- 
ables Y, Z, then 
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Ifip{x,X) is Xi{t{x,\X\)), then 



Mm,n := -L ifni = 



and otherwise 



^P%{rn,n)) ^/ val(t(m, n)) < ni-l , 



T 



i/ val(t(m, n)) = Ui — 1, 
i/ val(t(m, n)) > Uj — 1. 



Case 2: The formula ip is not atomic. 
• If (p = ipi A ■ip2 we let 



• If if = ipi y ip2 we let 

• If if = we let 



Mm,n := [V'll m,n V [V^2lm,n- 



// = 3y < i(x, rc, X) then 



Ma\{t{rn,n)) 



i=0 



val(t(m,n)) 

Mm,n := /\ [[V'(i,^,-^)lm,n- 
i=0 



This concludes the translation for Sq formulas. 

Proposition 3.24 (Lemma VII. 2. 2 [17]) For every T>q formula cp{x,X) there exists a con- 
stant d G N and a polynomial p{m, n) such that for all m, n S N, the propositional translation 
lip{x, X)}f^^fi has depth at most d and size at most p{fn,n). 

We can now state the relation between provability of an arithmetical statement cp in VTC^ 
to the provability of the family in TC'^-Frege as follows. 

Theorem 3.25 (Section X.4.3. [17]) Let ip{x,X) be a formula. Then, ifVTC^ proves 
(p{x,X) then there is a polynomial size family of TC^-Frege proofs of {(f}. 
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4 Feige-Kim-Ofek witnesses and the main formula 



In this section we define the main formula we are going to prove in the theory. We are concerned 
with proofs of 3CNF formulas. Let us fix the following notation. With n we will denote the 
number of propositional variables xi, . . . ,Xn and with m we will denote the number of clauses 
appearmg m the 3CNF denoted C = A™=o^ C^. Each clause is of the form V xf V x[? , for 
^i;^2;^3 £ {0, 1}, where xj abbreviates Xj and abbreviates -iXj. A clause Ca is represented 
by the sequence {i,j,k, (£1,^25^3)10)- The defining formula of the relation is: 

Clause(x, n, m) o ^i,j,k < n3a < mBi < 8 

(i>OAj>OA/c>OA {x)l = i A {x)l = j A {x)l = kA {x)l = £A {x)l = a). 

A 3CNF C = /\a=Q Ca is represented by the sequence (Cqj • • • > Cm— i)- Since tti is non-constant, 
we use a string variable to code C. The defining formula of this relation is 

3CNF(C,?i,m) o Vi < m (CLAUSE(C[i], n, m) A {C[i])l = i) . 

For a number variable x, we S^-define Even(x) by the formula 3y < x(2 ■ y = x) (meaning 
that X is an even number). Accordingly, we define Odd(x) by -iEVEn(x). 

For some clause C and a string variable A (interpreted as a Boolean assignment), we Si- 
deline the following predicate, stating that C is not satisfied under the assignment A: 

NotSAT(C,^) j,A; < n 

[{C)\ = tA{A{i)^{{C)l)l=Q)) 
A{{C)l = jA{A{j)^{{C)l)l = ^)) 
A{{C)l = kA{A{k)^{{C)l)l = Q)). 

We need the following notations and definitions to facilitate the formalization of certain sets 
and objects: 

Notation: 

1. When considering a set of clauses, then a clause in C will be referred to only by its index 
< i < m. Thus, a set of clauses from C is a set of natural numbers less than m. 

2. A set of literal positions from C will be coded as a set of numbers (a, 6), where < a < m 
is the index of a clause in C and h = 1, 2, 3 is the index of a literal in the clause. 

3. For < i < m and e = 0, 1 and a sequence S of 3-clauses we define LitPos(S', z, e) to be 
the string function that outputs the set of (positions of) literals xf in S. In other words, 
we have: 

LitPos(5,i,e) := : j < length{S) A £ < 3 A (5[i])f = i A ((S[j])l)f = e] . 

4. Let satLit(j4, C) be the string function that outputs the set of all literal positions in C 
that are satisfied by A. 
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5. The function Lit(C, i) returns the ith hteral Xj of the clause C, for i = 1,2, 3, in the form 
of a pair (j, e). 

6. If the literals of a clause are not all true or not all false under A, then we say that the 
clause is satisfied as NAE (standing for "not all equal" ) by A. We can easily S^-define the 
predicate SatL(2:, yl), stating that the literal z is satisfied by the assignment A in VTC^. 
Let: 

NAE(C, A) o Clause(C) A \l SATL(Lit(C,i),^) A \/ -SatL (Lit(C, i), A) 

1=1,2,3 j=l,2,3 

be the relation that states that the assignment A satisfies the 3-clause C as NAE. Let 
satNAE(74, C) be the string function that outputs the set of clauses in C that are satisfied 
as NAE by A. 

The functions LitPos(5, z, e), satLit(A, C) and satNAE(A, C) above are all AC°-reducible to 
the language C\ and so we can assume that we have these functions (along with their defining 
axioms) in VTC^ (see Section 3.1.2). All the functions in this section will be AC'^-reducible to 
C\ U {numones}, and all the relations in this section will have definitions in the language 
C\ extended to include both our new function symbols and numones. 

Definition 4.1 (Even A;-tuple) For any given k, a sequence S of k clauses is an even fc-tuple 

ijf every variable appears an even number of times in the sequence. Formally, the predicate is 
denoted TPL(5, A;); 

TPL(5', k) ^ length{S) = kA 

\/i < n. Even (n?imones(LitPos(5, i, 0)) + numones{L\tPos{S,i,l))) . 

Observe that if S is an even fc-tuple then k is even (since the total number of variable 
occurrences N is even, by assumption that each variable occurs an even number of times; and 
k = N/3, since each clause has three variables). 

Definition 4.2 (Inconsistent A;-tuple) An even k-tuple is said to be inconsistent if the total 
number of negations in its clauses is odd. Formally, the predicate is denoted by ITPL(S', A;).' 

ITPL(5, k) o TPL(5, k) A Odd numones{l\tPo5{S, i, 1))^ . 

Definition 4.3 (The imbalance Imb(S', y)) For a 3CNF S we define the function i- 
imbalance ilmb(5, i) to be the absolute value of the difference of negated occurrences of Xi and 
non-negated occurrences of Xi in the 3CNF S (where xi,...,Xn are considered to be all the 
variables in S). It is defined simply by the term: 

ilmb(5, i) := abs{numones{L\tPo5{i,0, S)) — numones{L\tPos{i,l, S))). 
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For a 3CNF S, the predicate imbalance of S, denoted Imb(5, y), is true iffy equals the sum over 
the i-imbalances of all the variables, that is: 

n 

Imb(5, y) ^y = Y^ ilmb(S', i). 

i=l 

Definition 4.4 {{t, k, (i)-collection) A {t, k, (i)-collection S! of a 3CNF C with m clauses is an 
array (coded as in Definition 3.10) oft many inconsistent k-tuples, which contain only clauses 
from C, and each clause appears in at most d many such inconsistent k-tuples. The predicate 
is denoted COLL(t, k, d, C, ^) and is defined by the following formula: 

length{&) = tA 

Vi < tITPL(^[*l,A;)A 

Vi < ty£ < k3j < |C| = C[j]) A 

t~l k-l 
i=0 i=0 

Definition 4.5 (Mat(M, C)) We define the predicate Mat(M, C) that holds iff M is an nxn 

rational matrix such that Mij equals | times the number of clauses in C where Xi and Xj appear 
with a different polarity minus ^ times the number of clauses where they appear with the same 
polarity. More formally, we have 

m—l 

Mij := E^j'' , for any i,je[n], (24) 

k=0 

where E^^^ corresponds to the kth clause in C as follows: 

xl^x^j E C[k] and Ei ^ ej, for some ei,ej S {0, 1} and i ^ j; 
xl^x^j G C[k] and Ei = ej, for some £i,£j € {0, 1} and i / j; (25) 
otherwise. 

Note that e\^^ is definable by a formula (in vC^), and so Mat(M, C) is a S^-definable 
relation in VTC^. 

Finally, we need a predicate EiGVALBouND(Af , A, V) that ensures that A is a collection of 
n rational approximations of the eigenvalues of the matrix M and that V is the rational matrix 
whose rows are the rational approximations of the eigenvectors of M (where the ith row in V is 
the approximation of the approximate eigenvector Aj). For the sake of readability we defer the 
formal definition of the predicate EigValBound(M, A, V) and all the lemmas that relate to it, 
including the proofs in the theory making use of this predicate, to Section 6. 

Notation: 1. The notation o(l) appearing inside a formula in the proof within the theory, and 
specifically in Definition 4.6 below, stands for a term of the form b/n'^, for b a number symbol 



E, 



(k) 



1 

2' 



1 
"2' 



0, 



35 



greater than 0, and c some positive constant (and where a rational number is encoded in the 
way described in Section 3.1.2). 

2. Given two terms t and f{n) in the language where n is a number variable, we say 
that VTC^ proves t = 0{f{n)), to mean that there exists some constant c (independent of n) 
such that VTC^ proves t < c - f{n), where c is a term without variables in the language C\. 

We can now state the main formula that we are going to prove in VTC°. It says that if the 
Feige-Kim-Ofek witness fulfills the inequality t > '^•(-^+-^") _|_ o(i) then there exists a clause in C 
that is not satisfied by any assignment A (one can think of all the free variables in the formula 
as universally quantified): 



Definition 4.6 (The main formula) The main formula is the following formula (X 
denotes n distinct number parameters Ai, . . . , Xn): 

(^3CNF(C, n, m) A COLL(t, k, d, C, A Imb(C, /) A Mat(A/, C) A 

EigValBound(M, X,V) a a = max{Ai, . . . , A„} A t > ^' ^ ^^"^ + o(l) 
— > 3i < mNOTSAT(C[i],^). 



5 Proof of the main formula 

In this section we prove our key theorem: 

Theorem 5.1 (Key) The theory VTC^ proves the main formula (Definition 4-6). 

Proof: We reason inside VTC^. Assume by way of contradiction that the premise of the 
implication in the main formula holds and that there is an assignment A G {0, 1}" (construed 
as a string variable of length n) that satisfies every clause in C. Recall that satLit(^, C) is the 
set of all literal positions that are satisfied by A. 

Lemma 5.2 (Assuming the premise of the main formula) the theory VTC^ proves: 

numones{satL\t{A, C)) < — . 

Proof: First observe that for any assignment A and any 1 < i < n the set of satisfied literals of 
Xi is defined by LitPos(C, z, ^(z)). Therefore, the sets LitPos(C, 1, ^(1)), . . . , LitPos(C, n, A(n)) 
form a partition of satLit(A, C) (provably in VTC^), and thus by Proposition 3.17, VTC^ 
proves that 

n 

numones {satL\t{A, C)) = ^ numones {L\tPos{C, i, A{i))). (26) 

1=1 
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By (26) we get 

n 

numones{s5t\J\t{A,C)) < max{mimones(LitPos(C, 0)), numones(LitPos(C, i, 1))}. (27) 

i=l 

For any 1 < i < n, define the term 

LitPos(C, i) := LitPos(C, i, 0) U LitPos(C, i, 1). 

Then by 

ilmb(C,i) + niiTOones(LitPos(C, i)) 

2 ~ 
ilmb(C, i) + nuTOones(LitPos(C, i, 0)) + nuTOones(LitPos(C, i, 1)) 

2 ' 

and since, by Definition 4.3, ilmb(C, i) = abs {numones {L\tPos{C, i, 0)) — numones {L\tPos{C, i, 1))), 
the theory VTC^ proves that for any 1 < i < n: 

/I ■ n, \N /I ■ n, N//-. ilmb(C, i) + nuTOones(LitPos(C, i)) 
max{numones[L\tPo5{C,t,0)), numones{L\tPo5){C,t,l)} = . 

^ (28) 

Claim 5.3 (Assuming the premise of the main formula) the theory VTC^ proves: 

ilmb(C, i) + numones{L\tPos{C, i)) I + 3m 

^ 2 ~ 2 ■ 

1=1 

Proof of claim: First recall the definition of imbalance (Definition 4.3) / = Yll=i ilrnb(C,i). 
Thus it remains to prove that '^^^^ numones {L\tPos{C,i)) = 3m. For this, note that 
LitPos(C,i), for i = 1, . . . ,n, partition the set of all literal positions in C. In other words, we 
can prove that: (i) if H is the set of all literal positions in C (this set is clearly S^-definable in 
VTC°) then H = U7^iLitPos(C, i); and (ii) LitPos(C,i)nLitPos(C, j) = 0, for all 1 < i / j < n. 
Therefore, by Proposition 3.17 we can prove that: 

n 

numones{H) = numones {L\tPo5{C, i)). (29) 
1=1 

Now, the set H of all literal position in C can be partitioned (provably in VTC^) by the sets 
Ti, . . . , Tjn, where each Tj, for < j < m, is the set of the three literals in the jth clause in C. 
Thus, again by Proposition 3.17, we can prove that numones{H) = 3m. By (29) we therefore 
have 

n 

numones {L\tPos{C, i)) = 3m. 

i=l 

■Claim 
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We conclude that: 



numones (satLit(j4, C)) 

n 

< max{numones(LitPos(C, i, 0)), numones (LitPos(C, i, 1)) (by (27)) 



i=l 



^ ilmb(C,^) + LitPos(C,.) ^^^^^^^^ 



I + 3m 



(by Claim 5.3). 



We now bound the number of clauses in C that contain exactly two literals satisfied by A. 
We say that a 3-clause is satisfied by a given assignment as NAE (which stands for not all equal) 
if the literals in the clause do not all have the same truth values. That is, if either exactly one 
or exactly two literals in the clause are satisfied by the assignment. 

Recall that satNAE(A, C) is the function that returns the set of all clauses (formally, indices 
< m) that are satisfied as NAE by A. 

Lemma 5.4 (Assuming the premise of the main formula) the theory VTC^ proves: let h be 
the number of clauses in C that contain exactly two literals satisfied by A. Then 

h < — 3m + 2 • numones{satNAE{A, C)) . 

Proof: For i = 0,1, 2, 3, let Bi be the set of clauses in C that contain exactly i literals satisfied 
by A. For i = 0, 1, 2, 3, let Fi be the string function that maps a clause (index) C to the set of 
literal positions that are satisfied by A in case there are exactly i such literals and to the empty 
set otherwise: 

{h, . . .,li}, if j e Bi ; 
0, otherwise 



F^{J) 



(where a literals is coded, as before, by the pair (a, b) for a an index of a clause in C and b 
the position of the literal in the clause). Every such function Fi is S^-defined in VTC^. We 
also S^-define the image of Fi as follows: 

Img(Fi) := {x : 3y < m {Fi{y)){x)}. 
Claim 5.5 (Assuming the premise of the main formula) the theory VTC^ proves: 

3 

numones(satL\t{A, C)) = numones{lmg{Fi)) . 

i=l 

Proof of claim: In light of Proposition 3.17, it suffices to prove that satLit(A, C) is partitioned 
by Img(i<'i), Img(F2)) I™g(-^3) (note that Img(Fo) = by definition), in the sense that: 
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(i) satLit(A, C) = Img(Fi) U Img(F2) U Img(F3), and 

(ii) Img(Fi) n Img(Fj) = 0, for all 1 < i / j < 3. 

We prove (i): consider a literal x E satLit(A, C), and let x = {a, b). We know that the clause 
Ca contains the literal x. Now, either zero, or one, or two of the remaining literals in Ca are 
satisfied by A. So x must be in either -Fi(a) or in F2{a) or in F^{a)^ respectively. Item (ii) is 
easy to prove by the definition of the Fj's. We omit the details. ■ claim 

Claim 5.6 For any i = 1,2, 3, numones{Im.g(Fi)) = i ■ numones{Bi) . 

Proof of claim: Fix some i = 1,2, 3. We prove the claim by induction on the number of clauses 
j < m (we can consider the sets Bi and the functions Fi having an additional parameter that 
determines until which clause to build the sets. That is, Bi{z) is the set of clauses from to z that 
have i literals satisfied by A; and similarly we add a parameter for the .Fj's). In the base case j = 
there is only one clause Cq. Depending on A we know how many literals in Co are satisfied by A. 
And so G i?i iff i literals are satisfied by A in Cq iff numones {Fi{0)) = i = i-1 = i- numones (Bi). 
The induction step is similar and we omit the details. ■ claim 

By Claim 5.5 and Claim 5.6 we get: 

numones {satL\t{A, C)) = numones {lmg{Fi)) 

j=l,2,3 

= i ■ numones{Bi) . (30) 

1=1,2,3 

It is easy to show (in a similar manner to Claim 5.5) that Bi U B2 U B^ = {0, . . . ,m — 1} 
and Bi Bj = 0, for any 1 < i 7^ j < 3. From this, using Proposition 3.17, we get that 
m = numones (Bi) + numones {B2) + numones{B-s), and so: 

numones{Bi) = m — numones{B2) — numones{B-i) . (31) 

Thus, by (30): 

numones {satL'\t{A, C)) = m — numones{B2) — numones{B^) + 2 ■ numones[B2) + 3 • numones[B^) 

= m + 2 ■ numones (B^) + numones {B2) , 

and so 

numones{B2) =numones{sat\J\t{A, C)) — m — 2 ■ numones{Bj,) . (32) 

The set of clauses in C that are NAE satisfied by A (i.e., satNAE(^, C)) is equal to the set of 
clauses having either one or two literals satisfied by A; the latter two sets are just Bi and B2, 
and since they are (provably in VTC^) disjoint we have (using also (31)): 

numones{B'i) = m — [numones{Bi) + numones[B2)) = m — numones(satNAE(A, C)) . 
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Plugging this into (32), and using Lemma 5.2, we get: 



numones{B2) = numones{satL\t{A, C)) — 3m + 2 • numones{satNAE.{A, C)) 
< — 3m + 2 • nuTOones (satNAE(A, C)). 

This concludes the proof of Lemma 5.4 ■ 

The following lemma provides an upper bound on the number of clauses in C that can be 
satisfied as NAE by the assignment A. 

Lemma 5.7 (Assuming the premise of the main formula) the theory VTC^ proves: 

niiTOones(satNAE(A, C)) < (nA + 3m)/4 + o(l). 

The proof of this lemma involves a spectral argument. Carrying out this argument in the 
theory is fairly difficult because one has to work with rational approximations (as the eigenvalues 
and eigenvectors might be irrationals, and so undefined in the theory) and further the proof must 
be sufficiently constructive, in the sense that it would fit in the theory VTC^. We thus defer to 
a separate section (Section 6) all treatment of the spectral argument. Given the desired spectral 
inequality, we can prove Lemma 5.7 — this is done in Section 5.2. 

We can now finish the proof of the key theorem: 

Concluding the proof of the theorem (Theorem 5.1). In VTC^ (and assuming the 
premise of the main formula), let h be the number of clauses in C that contain exactly two 
literals satisfied by A. We have: 

h < — 3m + 2 • numones {satNAE{A, C)) (by Lemma 5.4) 

3m + / 3m + An 
< 3m H h o(l) (by Lemma 5.7) 

= ^ +»(!). (33) 

Since we assumed that A satisfies C, then every clause in C has at least one literal satisfied 
by A. Thus, the clauses in C that are not satisfied as 3X0R by A are precisely the clauses 
that have exactly two literals satisfied by A. By (33), the number of clauses that have exactly 
two literals satisfied by A is at most ^-^j^ + o(l). We now use Lemma 5.9 (proved in the next 
subsection) to prove the following lemma: 

Lemma 5.8 (Assuming the premise of the main formula) the theory VTC^ proves that the 
number of clauses in C that are not satisfied as 3X0R by A is at least \t/d\ . 

Proof: Consider the collection COLL(t, /c, d, C, i^) in the premise of the main formula. Then, 
^ is a sequence of t inconsistent fc-tuples from C, and every pair of /c-tuples in & intersect^ 



^Where a clause is identified with its index 0, . . . , m — 1 in C, so that two identical clauses with a different 
index are considered as two different clauses. 
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on at most d clauses from C. By Lemma 5.9, each of the t inconsistent fc-tuples contains a 
clause which is unsatisfied as 3X0R by A. Since each such clause may appear in at most d other 
inconsistent k tuples, using Proposition 3.20 the theory VTC^ proves that the total number of 
distinct clauses not satisfied as 3X0R by A is at least [t/d] . h 

Using this Lemma, we can finish the proof of the key Theorem 5.1, as follows: by Lemma 
5.8 and the fact that the number of clauses in C that are not satisfied as 3X0R by A is at most 
i^ + o{l), we get 

~t' 



t 

t = d- -<d- 
d 



d 



<d.^^ + o{l), (34) 



which contradicts our assumption (in the main formula) that t > _)_ o(l). Formally, 

we need to take care here for the "o(l)" notation. Recall that o(l) stands for a term b/n'^ for 
some constants number term b and a constant c. Therefore, it is enough to require that if our 
assumption (in the premise of the main formula) is t > ^(^^^"^^ _|_ h/n'^^ then in (34) above we 
have t < d ■ |"^] < d ■ ^^2^ + b' /n'^' , so that b/n^ < b'/n'^' . (This requirement will be easily 
satisfied when applying our theorem (see Corollary 7.3).) ■ 



5.1 Formulas satisfied as 3XOR 

Here we prove the missing lemma that was used in the proof of Lemma 5.8. 

Notation: For a sequence S of k many 3-clauses, and for < a < A;, we denote the three 
variables in the clause S{a\ by Xi^,Xj^,Xh^, and abbreviate {{S[a])^)^, which is the polarity of 
the tth variable in ^[a], hyif, for t = 1, 2, 3. Thus, x-^ , Xj^ , Xf^ , are the three literals in S[a] and 

fta get £a 

the values of ^A{i) © ^A{j) ® ^A{h) © ^3 are the values that A assigns to x^^ , x? , x^^ , 
respectively, where © is the XOR operator. We also abuse notation and write ^A{i) inside 
a term to mean the characteristic function of the predicate ^A{i), that is, the function that 
returns 1 if ~^A{i) is true, and otherwise. 

For a clause C and an assignment A the predicate 3XOR(C, A) says that A satisfies exactly 
one or three of the literals in C If we denote by Xi,Xj,Xh the three variables in C and by 
^i;^2,^3 their respective polarities, we have: 

3XOR(C, A) iff -nA{i) © £1 + ^A{j) © ^2 + --A{h) ©£3 = 1 mod 2 , 

and formally the predicate 3X0R is S^-definable by the following formula: 

3XOR(C7, A) := ODB{^A{i) + 4 + ^A{j) + ^ + ^A{h) + £3) . 

Lemma 5.9 The theory VTC^ proves that if S is an inconsistent (even) k-tuple, then for every 
assignment A to its variables there exists a < k such that A satisfies exactly zero or exactly two 
literals in the clause S[a\. More formally, VTC^ proves: 

yA < n^k < n^S <p{n)3a <k{\A\ =nAlTPL{S,k) ^3XOR (5[a], ^)) , 

for some (polynomial) termp{-). 
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Proof: We need the following claim: 

Claim 5.10 Let f(y) be a number function definable in VTC^ . Then VTC^ proves the fol- 
lowing statements: 

1. (Va < k, ODD(/(a))) A Even(A;) ^ Even (Ea=o /(") 

2. (Va<A:,EvEN(/(a))) ^ Even (e«=o /(«)) / 

3. (Va < k, ODD(/(a))) A Odd(A;) ^ Odd (Ea=o /(«)' 



Proof of claim: Consider Item 1 (the other items are similar). The proof is by induction on 
k, showing that 

k-l 

((Va < k3y{2y + 1 = /(a))) A 3y{2y = k)) ^ 3y J2 = ^2/ > 

and using the fact that V*^ proves that Odd(x) -h- 3y < x{2y + 1 = x) (e.g., by induction on 
x). We omit the details. ■ claim 

Now, assume by way of contradiction that A satisfies all the clauses in S as 3XORs. Thus, 
for any a < k, if we define /(a) := ^^(i^) + ^A(j„) +£f + ^A(/i„) +£f , then ODD(/(a)). 
Hence, because Even(/i;), by Claim 5.10 we can prove that: 

Y^{^A{ic,)ei1 + ^A{jc,)®i^ + ^A{hc,)ei'^) = mod 2. (35) 

Recall that every variable appears an even number of times in S. Thus, if a variable has an 
odd number of negative appearances then it also has an odd number of positive appearances. 
Similarly, if a variable has an even number of negative appearances then it also has an even 
number of positive appearances. Let Iq S {0, . . . , n — 1} be the indices of variables having an 
even number of positive (and thus negative) appearances in S and let /i = {0, . . . , n — 1} \ Iq be 
the indices of variables having an odd number of positive (and thus negative) appearances in S. 
Thus, the left hand side of (35), can be written as follows (for e = 0,1, we denote by x^{A) the 
truth value of the literal xf under A): 

E ixUA) + ... + x}iA) + x^iA) + ... + x^iA)] + 



even times 



E i ^liA) + . . .+ x}{A) + x^{A) + . . . + x^jA)] 

'(ZT \ ^ 'V ^ V I 

\ odd times odd times / 



(36) 



Claim 5.11 For any i G /q (and any string variable A of size n) the theory VTC^ proves that 

x\{A) + ... + x]{A) + x^M) + --- + x'i{A) 

^ V ' ^ V ' 

even times even times 

is an even number. 
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Proof of claim: Reason in VTC^ as follows: assume that A{i) = 0. Then x}{A) = and 
x'!-{A) = 1 and so by Claim 5.10 the sum of evenly many xj{A)^s is even and the sum of evenly 
many x^{A)^s is also even. The sum of two even numbers is even, and so we are done. (The 
case where A{i) = 1 is similar.) Bciaim 

By Claims 5.10 and 5.11, the theory VTC^ proves 

Even I I xjjA) + . . . + x}{A) + x^{A) + . . . + x^jA)] J . (37) 

V^^"^*-' \ even times even times / / 

Similarly to the above claims we have: 
Claim 5.12 For any i G /i (and any string variable A of size n) the theory VTC^ proves that 

x]{A) + ... + x]{A) + x%A) + ... + x'l{A) 

odd times odd times 

is an odd number. 

Since by assumption S is an inconsistent fc-tuple, the number of negative literals is odd 
(Definition 4.2), and so (provably in VTC^) the number of variables that has an odd number 
of negative appearances must be odd, in other words, is odd. Therefore, by Claims 5.12 and 
5.10, VTC° proves: 

Odd I >^ I xjiA) + ... + x}{AH^^{A) + ... + x^{A) \ ] . (38) 



odd times odd times 



Since VTC^ proves both (37) and (38), VTC^ proves that (36) is odd, which contradicts 
(35). This implies that not all the clauses in S are satisfied as 3X0R by the assignment A. m 



5.2 Bounding the number of NAE satisfying assignments 

Here we prove Lemma 5.7 used to prove the key theorem (Theorem 5.1). Recall that 
satNAE(^, C) is the string function that outputs the set of clauses in C that are satisfied as 
NAE by A (see Section 4). The proof of the following lemma is based on the spectral inequality 
proved in Section 6. 

Lemma 5.7 (Assuming the premise of the main formula) VTC^ proves 

numones{satUAE{A,C)) < (An + 3m)/4 + o(l). 



Proof: Let a be a vector from {—1, 1}" such that a(i) = 2A{i) — 1. Thus, a(i) = 1 if A{i) = 1 
and a(i) = — 1 if A(i) = 0. We can prove in VTC° (by definition of inner products and a 
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product of a matrix and a vector — innerprod and Matvecprod function symbols, respectively, as 
defined in Section 3.2.2) the following: 

n n 

a*Ma = J2Y1 ^%a(i)a(j) . (39) 
i=i j=i 

By assumption Mat(M, C) holds (see Definition 4.5) and so by definition 4.5 and by (39) we 
can prove m FTC° that: 

n n m—1 



a*Ma = J]j;5]i?J)a(i)a(j), (40) 

i=l j=l k=0 



where E^^\ for any i,j G [n], is: 



+|, G C[A;] and 7^ ej, for some ei,ej G {0, 1} and i 7^ j; 

— |, x^^x^^ G C[/c] and Si = ej, for some ei,ej G {0, 1} and i 7^ j; (41) 

0, otherwise. 



By rearranging (40) we get 

m—l n n 



k=0 i=l j=l 

and since E^j^ = whenever either Xi C[k] or Xj C[A;], we get 

m—l 

fc=l i,je{r:Xr<^C[k]} 
(k) (k) (k) 

and further, since E^^j = if i = j, and E^j = -Ejj , for any i,j, we have 

m—l 



J2 E 2i5;i;)a(.)a(i). (42) 

fc=0 i<j£{r:Xr€C[k]} 



Claim 5.13 T/ie t/ieory VTC^ (in fact already V'^) proves that for any k = 0, . . . ,m — 1: 

V 2FW«m«r,-^ - / NAE(C[A;],A); 
^ 2E,. a(z)a(j) - I ^nAE(CM,A). 



i<je{r : a:rGC[fc]} 



Proof of claim: For any i < j G {r : Xr £ C[k]}, A(i) 7^ ^(j) (which means that a{i) 7^ a(j)) 
then a(i)a(j) = — 1, and if A{i) = A{j) (which means that a(i) = a(j)) then a(i)a(j) = 1. Note 
also that x^' 7^ x^^ under a means that either Xi,Xj have different polarities Ei 7^ £j and 
a{i) = a{j) or Xi,Xj have the same polarities = and a(i) 7^ a(j). Similarly, x^' = x^"* under 
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a means that either Xi,Xj have different polarities Si ^ ej and a{i) ^ a{j) or Xi,Xj have the 
same polarities Si = ej and a(i) = a(j). Thus, by (41), for any i < j G {r : G C[A;]}: 



( +i, if xf / x'^/ under a; 
£;fa(i)a(j)= / i^. (43) 

I — 2, if a^j = under a. 



Note that if NAE(C[A;],^) is true then there are exactly two pairs of literals rE^%x^'', i < j, for 
which x^^ and x^-' get different values under the assignment a (if A assigns 1 (i.e., T) to one 
literal and (i.e., _L) to the other two literals, then two pairs have different values and one pair 
has the same value; and similarly if A assigns to one literal and 1 to the other two literals). 
Therefore, if NAE(C[A:],^) is true then 



i<j&{r:Xr&C[k]} 

On the other hand, if NAE(C[/c], A) is false then all pairs of literals , i < j, get the same 

value under the assignment A, and so: 



E <'«(>W;) = 2(-i-i-i) 



i<jG{r:XreC[k]} 
Claim 

Let Z = {i <m : NAE(C[i],^)} (note that Z = satNAE(^, C)), and for any A; = 0, . . . , m - 



1, let 7fc = Yli<je{r : xrecik]} '^^ij ■ Then, by Claim 5.13 and Proposition 3.19: 

m— 1 

Y2 7j = 1 ■ numones{Z) — 3 • (?n — numones{Z)) 



1=0 

= 4 • numones{Z) — 3m 

= 4 • numones{s3tUkE{A, C)) — ?>m. 



(44) 



By (42) we have 



m— 1 



Y,li = a*Ma, (45) 

1=0 

and by the spectral inequality proved in Lemma 6.7 in the next section, we have: 

a*Ma< An + o(l). 

By (44) we thus get 

4 • numones(satNAE(A, C)) — 3m < An + o(l), 

which leads to 

numones(satNAE(A, C)) < ho(l). 
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6 The spectral bound 



In this section we show how to prove inside VTC the desired spectral inequahty, used in the 
proof of the key theorem (Theorem 5.1; specifically, it was used in Lemma 5.7 in Section 5.2). 

Since the original matrix associated to a 3CNF is a real symmetric matrix, and its eigenvec- 
tors and eigenvalues also might be real, and thus cannot be represented in our theory VTC^^ we 
shall need to work with rational approximations of real numbers. We will work with polynomi- 
ally small approximations. Specifically, a real number r in the real interval [—1,1] is represented 
with precision 1/n'^, where n is the number of variables in the 3CNF and c is a constant natural 
number independent of n (that is, if r is the approximation of r, we shall have |r — r| < 1/n'^). 
Recall that we will assume that all rational numbers have in fact the same denominator n^'^ for 
some specific global constant c (see the Preliminaries, Section 3.1.2 on this). 

The idea of proving the spectral bound in VTC^ (Lemma 6.7). Here we explain 
informally how to proceed to prove the bound a*Ma < An + o(l), for any a G { — 1, 1}", in the 
theory FTC°, assuming that EigValBound(M, A, F) (and Mat(M, C)) hold. The idea is as 
follows: in the predicate EigValBound(M, A, V) we certify that the rows of a given matrix V 
are rational approximations of the normalized eigenvector basis of M. Since M is symmetric and 
real, V will approximate an orthonormal matrix, and will approximate (this is where we 
circumvent the need to prove the correctness of inverting a matrix in the theory VTC^: instead 
of proving the existence of an inverse matrix, we simply assume that there exists an object 
which [approximates] the inverse matrix of V). Thus, approximates the matrix of the basis 
transformation from the standard basis to the eigenvector basis. Note that a (as a {—1,1} 
vector) is already almost described in the standard basis. Hence, it will be possible to prove in 
the theory that V^a is the representation of a in the (approximate) eigenvector basis, i.e., we 
shall have an equality a = '^^^I'JiVi + o(l), for Vj's the approximate eigenvectors of M and 
some rationals 7i's. After plugging- in this equality in a* Ma, to prove a*Ma < An we only need 
to validate computations — using also the fact that we know the inequalities Mvj < Avj + o(l), 
for any i G [n], hold (since this will be stated in the predicate EigValBound(M, X,V)). 

6.1 Notations 

Here we collect the notation we use in this section. We denote by ei, . . . , the standard basis 
vectors spanning Q"". That is, for any 1 < i < n the vector € Q"" is 1 in the ith coordinate 
and all other coordinates are 0. For a vector v we denote by v{j) the j'th entry in v. Given 
a real symmetric matrix M we denote by ui, . . . ,Un G M" the normalized eigenvectors of M. 
It is known that the collection of normalized eigenvectors of a symmetric n x n real matrix M 
forms an orthonormal basis for M" , called the eigenvector basis of M (cf . [30] ) . The (rational) 
approximation of the eigenvectors will be denoted vi, . . . , v„ E and we define Vij := Vi(j). 
Recall that for a real or rational vector v = {vi, . . . ,Vn) we denote by ||f ||^ the squared Euclidean 
norm of v, that is, = vf + . . . + v"^. We also define ||v||oo := maxjuj : 1 < i < n}. 
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6.2 Rational approximations of real numbers, vectors and matrices 

Definition 6.1 (Rational e-approximation of a real number) For r G M, we say that q € 
Q is a rational ^-approximation of r (or just e-approximationj, if \r — q\ < e. 

Claim 6.2 For any real number r G [—1,1] CLnd any natural number m there exists a 1/m- 
approximation of r whose numerator and denominator have values linearly bounded in m. 

Proof of claim: By assumption, there exists an integer < A; < 2m, such that r G 
[—1 + ^, — 1 + . Then — 1 + ^ is a rational 1/m- approximation of r. ■claim 

In a similar fashion we have: 

Definition 6.3 (Rational e-approximation of (sets of) real vectors) Let < e < 1. For 

u G M", we say thatv G Q" is an e-approximation of u, ifv{i) is an e- approximation ofu{i), for 
all i = 1, . . . ,n. Accordingly, for a set U = {ui, . . . ,Ufc} C M", we say that V = {vi, . . . , v/;.} C 
is a (rational) e-approximation of U if every Vj G Q" is an e- approximation of the vector 
Ui, i = 1, . . . ,n. 

6.3 The predicate EigValBound 

We define the predicate EigValBound(M, A, V) which is meant to express the properties needed 
for the main proof. Basically, EigValBound(M, A, F) expresses the fact that ^ is a rational 
1/n'^-approximation (Definition 6.3) of the eigenvector basis of M, whose 1/n'^-approximate 
eigenvalues (in decreasing order with respect to value) are A, for a sufficiently large constant 
c G N. 

Note: For a number or a number term in the language, we sometimes use \t\ to denote the 
absolute value of t. This should not be confused with the length \T\ of a string term T. 

Definition 6.4 (EigValBound predicate) The predicate EiGVALBouND(Af, A, V) is a T,q- 
definable relation in VTC^ that holds (in the standard two-sorted model) iff all the following 
properties hold (where c £N is a sufficiently large global constant): 

1. V is a sequence of n vectors vi, . . . , v„ G Q" with polynomially small entries. That is, for 
any 1 < i,j < n, the rational number 

Vij ■■= Vi(j) G Q 

is polynomial in n (meaning that both its denominator and numerator are polynomially 
bounded in n ). 

2. For any 1 < i, j < n it holds that the absolute value \vij\ < 2. 

3. For any 1 < i < n, define: 

n 



47 



Then, there exists G Q" for which 

ei = ei + ri and ||rj||oo = 0(l/n''"^). 

To formalize the existence of such an rj we do not use an existential second-sort quantifier 
here; instead, we simply assert that for any i = 1, . . . ,n: 

|eiW-eiW| =0(lK-i). 



4. The vectors in V are "almost" orthonormal, in the following sense: 

(vi, Vj) = 0(1^-^) , for alll<i^j<n, 

(vi,v,) = l + 0(l/n^~^), for alll<i<n. 

5. The parameter \ is a sequence Ai > A2 > • • • > A„ of rational numbers such that for every 
1 < i < n, there exists a vector tj € Q" for which ||tj||oo = 0{l/n'^~^), and 

Mvi = XiVi + ti . 

(Similar to Item 3 above, we do not use an existential second-sort quantifier for ti here.) 

It should be easy to check that EigValBound(M, A, is a S^-definable relation in VTC^. 

Now we show that there exist objects M, A, V that satisfy the predicate 
EigValBound(M, a, V). 

Proposition 6.5 (Suitable approximations of eigenvector bases exist) Let M be annx 
n real symmetric matrix whose entries are quadratic in n. Let U = {ui,...,u„} C M" be 
the orthonormal basis consisting of the eigenvectors of M, let c £ 'N be positive and constant 
(independent of n). IfV = {vi, . . . , v„} C Q" is an approximation of U (Definition 6.3), 
A = {Ai, . . . , A„} is the collection of rational 1/n'^- approximations of the real eigenvalues of M 
such that Ai > A2 > • • • > A„, then EigValBound(M, A, F) holds (as before, the predicate 
holds in the standard two-sorted model, for the appropriate encodings of its parameters).'^ 

Proof: Let Uij be an abbreviation of Uj(j), that is, the jth element in the vector Uj, and 
similarly for Vij. We proceed by checking each of the conditions in Definition 6.4. 

Condition (1): Holds by the definition of an approximation of a real vector and by Claim 6.2, 
stating that the e-approximation of a real number in [—1,1] is a rational number whose both 
denominator and numerator are of value 0{n^). 

''^This is an existence statement. We do not claim that the statement of the proposition is provable in the 
theory (nevertheless, some of the computations can be carried out inside the theory). 
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Condition (2): Since Vij is a rational 1/n'^-approximation of Uij, and \uij\ < 1 (because 
||uj|| = 1) for any 1 < i, j < n, we have \vij\ < 2 . 

Condition (3): By orthonormality of the real matrix U, we have that [/* = U~^, that is: 

n 

UijUi = ej , for any j = 1, . . . , n . (46) 

By assumption, for any I < i < n there exists Sj = (sji, • • • , Sm) G IR" such that ||sj||oo < l/n'^ 
and Vj = Uj + Sj. Therefore, for any 1 < j < n, we have: 



i=i i=i 



We define 



which gives us 



ej := ^ VijVi = '^{uij + Sij) ■ (ui + Sj) 

i=l 

n n n 

liijUj + y^ UijSi + y^ Sij ■ (ui + Si) . (47) 

i=l 1=1 i=l 

= ej by (46) 

n n 

tiijSj + ^ Sjj • (Uj + Sj) , 
1=1 i=l 

~ + ■ 

Note that since X^^Li ^ijVi = is a rational vector then is also a rational vector. 

It remains to show that ||rj||oo = 0{l/n'^~^). Since 1 = ||ui|p = we have \uij\ < 

1. By this, and by the fact that ||sj||oo < ^/n'^, we get ||^iLi^ijSj||oo = 0{l/n'^~^) , and 
IEr=i ■ (^i + ^i)lloo = 0{l/n''~^). This means that ||rj||oo = 0(l/n'="^). 

Condition (4): This is similar to the proof of Condition (3). By assumption, for any 1 < i < n 
there exists Sj = {sn, . . . , Sj„) G such that ||sj||oo < l/n*^, and Vj = Uj + Sj. Thus, we have 

(Vi, Vj) = (Uj + Si, Uj + Sj) 

= (ui, Uj) + (si, Uj + Sj) + {ui, Sj) . (48) 

The first term in (48) is since U is an orthonormal basis, and the second and third terms in 
(48) are both 0(l/n'^~^) (by calculations similar to that in the proof of Condition (3)). 
The proof of (vj, Vj) = 1 + 0{l/n'^~^) , for all 1 < i < n , is similar. 

Condition (5): Similar to the proof of previous conditions, we define Sj = {sn, . . . , Sin) G 
such that ||sj||oo < '^/f^^-, and Vj = Uj + Sj, for any 1 <i <n. We have 

Mvi = M(ui + Si) 

= MvLi + Msi. (49) 
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Since Uj S is the eigenvector of M and Aj is a 1/n^-approximation of the eigenvalue of Uj, 
we have that (49) equals 



for some |e| < l/n'^, 



(Ai + e)ui + Msi (50) 



AjUj + euj + Msj 
Ai(vi - Sj) + euj + Msj 
AjVj - \iSi + eui + Msj 



We put 



ti := -XiSi + eui + Msi. 
It remains to show that ||tj||oo = 0{l/n'^~^). 

Claim 6.6 For every 1 < i < n, Xi = O(n^). 

Proof of claim: Since ||uj||oo = 1 and, by assumption, every entry in M is O(n^), we have: 

||Mu,||oo = 0(n3). (51) 

Observe that 

Mui = {Xi + e)ui = XiUi + euj. (52) 

Because |e| < l/n'^ and || 

^illoo — 1) W6 hcivG llcujlloo — 0(1/71'^). TliGrcfore, by (51) cind. (52) wg 

have Ai = 0{n^). ■ claim 

We have ||sj||oo < '^/n'^, and so by Claim 6.6 we get that || — AjSj||oo = 0{l/n'^~'^). Now, 
||euj||oo = 0{l/n'^) and since M has entries which are Oiin?) we have ||Msj||oo = 0{\/n'^~'^). We 
conclude that 

||ti||oo ~ II AjSj -|- eUj -|- iV^fSjlloo 

^ ||~AjSj||oo + ||euj||oo + ||Afsj||oo 



6.4 Certifying the spectral inequality 

In this section we show that the theory VTC'^ can prove that, if EigValBound(M, A, V) holds, 
then the desired spectral inequality also holds. 
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Note on coding and formalizing the proof in VTC : In what follows we will write freely 
terms such as matrices, vectors, inner products, products of a matrix by a vector (of the appro- 
priate dimensions), addition of vectors, and big sums. We also use freely basic properties of these 
objects; like transitivity of inequalities, distributivity of a product over big sums, associativity 
of addition and product, etc. We showed how to formalize these objects, and how to prove their 
basic properties within VTC^ in Sections 3.2.2 and 3.2.4 (see Proposition 3.22). 

For an assignment A G {0, 1}" we define its associated vector a € {—1, l}" such that a(i) = 1 
if A{i) = 1 and a.{i) = — 1 if A{i) = 0. In other words we define a(z) = 2A{i) — 1. Note that 

n 

a = ^ a(i) • Si . 

i=l 

We define 

n 

a:=^a(i)-ei, (53) 

1=1 

and recall that ei := Yl^=i '^ij '^j is a rational approximation of ej (Definition 6.4). We let a*Ma 
abbreviate (a. Ma) (which is Sf -definable in FTC°, by Section 3.2.2). 

Lemma 6.7 (Main spectral bound) The theory VTC^ proves that if A is an assignment to 
n variables (that is, A is a string variable of length n + 1) and EigValBound(M, A, F) holds, 
then 

a*Ma < An + o(l) . (54) 

This is a corollary of Lemma 6.8 and Lemma 6.11 that follow. 

Lemma 6.8 The theory VTC^ proves that for any assignment A to n variables, 
EigValBound(M, A, y) implies: 

sl^Msl < a* Ma + 0(l/n^-^), 
where c is the constant from the EiGVALBouND(Mi^, A, y) predicate. 

Proof: First note that j4 is a string variable of length n. By Definition 6.4 for any 1 < j < n 
there exists a vector r^ G Q" such that ej = ej +rj, and where ||rj||oo = 0{l/n'^~^). Therefore, 
by (53): 

n n n n 

a = ^a(i)ei = ^a(z)(ej + r^) = ^a(i)ei + ^a(i)ri . 

i=l i=l 1=1 1=1 

Note that a(i)ei = a, and let 

n 

— Xla(i)ri. 

i=l 

Then, 

a = a + r , 
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and since a(i) G { — 1,1}, we have ||r||oo = 0(l/n^ ). Now, proceed as follows: 

a*Ma = (a - r)*M (a - r) 

= a* Ma - a* Af r - r*Ma + r*Mr . (55) 

We now claim that (provably in VTC^) the three right terms in (55) are o(l): 

Claim 6.9 The theory VTC^ proves that for any assignment A to n variables, 
EigValBound(M, a, V) implies: 

-a*Mr - r*Ma + r*Mr = O (l/n'^-^) . 

Proof of claim: Consider — a*Mr. Since ||a||oo ^ 2 and since (by construction) each entry 

in M is at most O(n^), we have ||a*M||oo = O(n^) . Therefore, 

-a*Mr = O (^^) . Similarly, we have -r*Ma = O (^^) • 

Considering r*Mr, we have ||r*M||oo = 0{l/n^~'^) and so r*Mr = ©(l/n'^"^ • l/n'^"^ • ?i) = 
0(1/^2^-8) = 0(lK-5), 

Claim 6.9 concludes the proof of Lemma 6.8. ■ 

Claim 6.10 There is a constant d such that the theory VTC^ proves that 
EigValBound(M, A, V^) implies that: 

{ei,ei) = 1 + 0{l/n'^ ), for any I < i < n, and 

{ei,ej) = 0{l/n^ ), for any 1 < i / j < n. 

Proof of claim: By assumption for any 1 < z < n, Sj = + rj for some ||rj||oo = 0(l/n^~^). 
Thus 

= \\eif + 2{ei,ri) + \\rif (56) 
= 1 + 0(1), (57) 

where the last equation holds since 2(ej,rj) and ||rj||2 can be easily proved to be o(l) in VTC^. 
Proving {ei,ej) = 0(l/c') for any 1 < i / j < n, is similar. Bciaim 

Lemma 6.11 The theory VTC^ proves that for any assignment A to n variables, 
EigValBound(M, A, y) implies: 

sl^Mr < Xn + o(l) . (58) 
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Proof: We have: 

/ " 

a*Ma = a*M ^ a(z)ej 



,i=l 
n 



i=i \ j=i 

n I n 



i=l 



(by definition of a) 
(by definition of Cj) 

(rearranging) 

(by Definition 6.4) 

(rearranging) (59) 



i=l 



i=l 



(D 



We claim (inside VTC^) that the second term above, denoted ®, is of size o(l): 

Claim 6.12 The theory VTC^ proves that for any assignment A to n variables, 
EigValBound(M, A, y) implies 



n 



c-6\ 



i=l 



Proof of claim: The proof is similar to the proof of Claim 6.9. Specifically, by Definition 6.4, 
for any 1 < j < n, we have ||rj||oo < l/n'^"^, and for any 1 < i,j < n, we have \vji\ < 2. Thus, 
VTC° proves that || E"=i ^jir^ ||oo = 0(l/n="^) , for any 1 < i < n. Since a{i) G {-1, 1}, for 
any 1 < i < n, the theory VTC^ proves ||a(i) • Yl'^=i'^ji^j\\oo = 0(l/n'^~^), for any 1 < i < n, 
and therefore also proves 



i=l 



0(1/?!' 



c-3\ 



(60) 



Now consider a = Y17=i a(^)ei = Y17=i (^(^) " Sj=i ■ Since, for any 1 < i, j < n we have 

\vji\ < 2 we have || ^^"=1 ^jiVj ||oo = 0{n). Thus, since a(i) S {—1,1}, VTC^ can prove that 
a = 0(?i^), and so by (60) the theory can finally prove 

n / n \ 

s^EUw-E^^^-^O =o(iK"6). 
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I Claim 

It remains to bound the first term in (59): 



n n 



s*- E^wEv.^v, . (61) 
\i=i j=i J 

By the definition of a in (53) and the definition of the ej's, we get that (61) equals: 

n n \ / " " \ 

a(i) ^r^v* \ [Y. <^ E ^^""^^^ ■ (62) 
j=i j=i j \i=\ i=i / 

We can prove in VTC^ that for any vectors bi,...,bf G and any rational numbers 
ci, . . . , Q and Ci, . . . , Q, such that ^ = max{Ci : 1 < i < we have 



\i=l i=l / \i=l i=l 

Therefore, we can prove in VTC° that (62) is at most: 



n n \ I ^ " 

^ • I E ^^'^ E ""riy] ME ^(') E ^j^^i 
i=i j=i / \i=i i=i 



A • |^^^a(i)e^J • |^^^a(i)ejj (by definition of Cj) 

In n \ 

^ • ( E ' E ) 



\i=i i=i 

n 



= X • ^(a(i)ei , a(i)ei) + A • ^ (a(i)ei, a(i)ej) (by rearranging) 

n n 

= A • Y^ a(0^(^^i , fij) + A • a(z)a(j)(ei, ej) (by rearranging again) 

n n 

= A -^1 -(1 + 0(1)) + A- ^ a(i)a(j)o(l) (by Claim 6.10) 

i=l l<*7^i<'^ 

= An + o(l) (for sufficiently large constant c).^ (63) 

This concludes the proof of Lemma 6.11. h 



*The constant c here is the global constant power of n (appearing in the 1/n'^-approximation in Definition 
6.4). 
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7 Wrapping up the proof: TC -Frege refutations of random 
3CNFs 

In this section we establish the main result of this paper, namely, polynomial-size TC'^-Frege 
refutations for random 3CNF formulas with clauses. 

7.1 Converting the main formula into a VE^ formula 

Note that the main formula (Definition 4.6) is a Y1q{C) formula, where the language C contains 
function symbols not in C\, and in particular it contains the numones function. Since Theorem 
3.25 relates VTC^ proofs of formulas to polynomial-size TC'^-Frege proofs, in order to use 
this theorem we need to convert the main formula into a formula (in the language >C^). It 
suffices to show that VTC^ proves that the main formula is equivalent to a VS^ formula, since 
if VTC^ proves a VS^ formula V$, it also proves the T,q formula $ obtained by discarding all 
the universal quantifiers in V<I>. 

Lemma 7.1 The theory VTC^ proves that the main formula is equivalent to a VS^ formula 
V$ where the universal quantifiers in the front of the formula all quantify over string variables 
that serve as counting sequences. Specifically, 

V«> := VZi <ti...yZr<tr ^>(Zi, . . . , Zr), (64) 

where ti, . . . ,tr are number terms and ^{Zi, . . . , Z^) has also free variables other then the Zi 's, 
and every occurrence of every Zi appears in $ in the form {5mum i\T\ , T, Zi)AZi[t] = s), for some 
string term T and number terms t,s, and where 5num(|^| ,T,Zi) states that Zi is a counting 
sequence that counts the number of ones in T until position \T\ (see Definition 3.12). 

Proof: The following steps convert the main formula into a VS^ formula which is equivalent 
(provably in VTC^) to the main formula: 

1. All the functions in the main formula are AC°-reducible to £^ U { numones^ (see Section 
3.2.1). Thus, the defining axioms of all the function symbols in the main formula can be 
assumed to be Tiq {numones) formulas. Now, it is a standard procedure to substitute in 
the main formula all the function symbols by their S^(ntiTOones)-defining axioms.^ The 
resulting formula is (numones), and provably in VTC^ is equivalent to the original 
main formula. 

2. We now substitute all the numones function symbols by their -defining axioms. Specif- 
ically, every occurrence of numones{t, T) in the formula, for t, T number and string terms, 
respectively, occurs inside some atomic formula ^ := . . numones{t, T) . . .). And so we 
substitute ^ by the existential formula 

3Z<1 + {\T\ , |r|) (<5num(|T| , T, Z) a Z[t] = z A *(. . . z . . . )) . 

®When the defining axiom of a string function F{x, X) is a hit- definition i < r{x, X) Aipihx, X) , we substitute 
an atomic formula like F{x, X){z), by 2 < r{x,X) A ^{z,x, X) (cf. Lemma V. 4. 15 in [17]). 
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3. Note that all the numones function symbols appear in the premise of the implication in 
the main formula, so we can take all these existential quantifiers out of the premise of the 
implication and obtain a universally quantified formula, where the universal quantifiers in 
the front of the formula all quantify over string variables that serve as counting sequences 
(as in Item 2 above). 



7.2 Prepositional proofs 

We need to restate the main probabilistic theorem in [22]: 

Theorem 7.2 ([22], Theorem 3.1) Let C be a random 3CNF with n variables and m = (3 -n 
clauses ((3 = c ■ n^-^, c some fixed large constant). Then, with probability converging to 1, the 
following holds: 

1.2^, 



The imbalance of C is at most 0{ny/^) = 0{n 
The largest eigenvalue A satisfies A = O(v^) = 0( 



0.2^ 



• There are k = 0{f,) = 0{n^-^), t = n{n/3) = n{n^-^), d = 0{k) = 0{n^-'^) and C with 
\C\ = t such that COLL(t, k, d, n, m, C, C) holds. 

We need to rephrase the theorem in a manner that suites our needs, as follows: 

Corollary 7.3 Let C be random 3CNF with n variables and m = c ■ n^'^ clauses where c is 
sufficiently large constant. Then, with probability converging to 1, the following holds:^^ 

1. There exists an I = 0{n^''^) such that 1mb(C,/). 

2. There exists an 1 / n"^' -rational approximation V of the eigenvector matrix of M and - 
rational approximations A of the eigenvalues of M , for some constant c' > 6; in other 
words, EigValBound(M, A, F) and Mat(M, C) hold. And the 1 / n'^' -rational approxima- 
tion A of the largest eigenvalue of M satisfies A = 0(n^'^). 

3. There are natural numbers k = 0{n^'^), t = ^l,{n^''^), d = 0{k) = Oirfi'"^) and a sequence 
& of t inconsistent k-tuples such that COLL(t,k,d,n,m,C, holds, and such that: 

d(I + Xn) 
t> - + o{l). 



^'^Formally speaking, we mean that the foUowing three items hold in the standard two-sorted model N2, when 
all the second-sort objects (like C and ^) are in fact finite sets of numbers (encoding C and !^) , natural numbers 
are treated as natural numbers in the standard two-sorted model and rational numbers are the corresponding 
natural numbers that encode them as pairs of natural numbers (as described in Section 3.1.2). 
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Proof: The corollary stems directly from Theorem 7.2. Note only that the last inequality 
concerning t stems from direct computations, using the bounds in Theorem 7.2 with /3 = nP'^, 
and that Item 2 follows from Proposition 6.5. ■ 

Recall the premise in the implication in the main formula: 

3CNF(C, n, ?Ti) ACOLL(t, k, d, n, m, C, A Imb(C, /) A Mat(M, C) A 

d- (I + Xn) (65) 
EigValBound(M, X,V) a a = max{A} A t > — ^— + o(l). 

Let PIlEM.{C,n,m,t,k,d, I , X,V, M, X, Z) be the formula obtained from (65) after trans- 
forming the main formula into a VS^ formula, where Z is a sequence of strings variables for 
counting sequences added after the transformation (as described in Lemma 7.1). 

The following is a simple claim about the propositional translation (given without a proof): 

Claim 7.4 // a formula (p{x, X) can be evaluated to a true sentence in N2 by assigning 
numbers x and sets X_ to the appropriate variables, then the translation is satisfiable. 

Lemma 7.5 For every m, n G N and every unsatisfiable 3 CNF formula C with m clauses and n 
variables such that PREM(C, n, m, . . . ) is true for some assignment to the remaining variables 
(i.e. to the unspecified variables denoted by ". . . "; this also implies that [[PREM(C, n, m, . . . )] 
is satisfiable), there exists a polynomially bounded TC^-Frege proof of ->C (i.e. the sequent 
— > -iC can be derived). 

Proof: Recall that for given m,n £ N, 3CNF formula C = {C[a])a<Tn and assignment A, the 
formula 3a < m NOTSAT(C[i], ^) (which is the consequence of the implication in the main 
formula 4.6) is the statement: 

3a < m3i,j,k < n{ (C[a])f = i A {A{i) o ((C[a])|)? = 0) 
A{C[a])l=jA{A{j)^{{C[a])l)l = 0) 
A{C[a])l = kA{Aik)^{{C[a])l)l = 0)). 

The propositional translation of this formula (Definition 3.23) contains the variables P^^ j q,^ 

with i.,j,k < n, a < m. Additionally it contains variables pf for i < n stemming from the 
assignment A. It is not necessary to show the full translation of the formula, since we intend 
to plug-in propositional constants (T, _L) for some of the variables. In other words, parts of the 
formula will consist of only constants and so it is unnecessary to give these parts in full detail. 
Having this in mind, the translation |3a < mNOTSAT(C[a], A)]]m,n is 

m— 1 n 

V V ( iliCMl = iUn A {Pt ^ m[a])l)l = OU,n)) 

A mC[a])l = jUn A {pf ^ l{{C[a])l)l = OU,n)) 
A mC[a])l = kUn A {pt ^ I((C[a])l)i = Ol„„„))). 
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Here, the variables P^ji-i^^j all implicitly appear in the parts inside [-J. 

Now assume we have a fixed 3CNF C with n variables and m clauses. Then for every a < m 
there exists 1 < i,j,k < n such that the formulas [[(C[a])f = i\m,n and [[(C[a])2 = j\m,n and 
[[(C[a])3 = /cjm.n are all satisfied (in fact they are polynomial-size in n prepositional tautologies 
consisting of only constants T, _L). From now on we will only concentrate on the disjuncts where 
this is the case (as the other disjuncts are falsified, or in other words they are prepositional 
contradictions consisting of only constants) . 

By plugging C into [((C[a])l)? = Ol„,,„ and I((C[a])l)3 = 0U,„ and I((C[a])t)i = 0^,, we 
get that pa < mNOTSAT(C[a], A)]m,n is evaluated to 

V {iPtr^ A (p/)^? A (p^)^3) , (67) 
where £° is an abbreviation of [((C[a])|)3 = 0] 

m^ni and thus we can observe that (67) gets 
evaluated to ^Qipi /xi^ . . . ,p^/x.„), where pf /xi means substitution of Xj by pf-. 

By Theorem 5.1 the theory VTC^ proves the main formula and so by Lemma 7.1 there is 
a FTC° proof of 

PREM(C,n,m,t,fc,d,^,/,A,T/,M, A,Z) ^ 3i < m NOTSAT(C[i], A). 

Thus, by Theorem 3.25 we can derive a polynomially bounded TC^-proof of the formula 

[PREM(C, . . . )lm,n ^ pa < mNOTSAT(C[a], ^)1^,„ 

and thus also of the sequent 

[PREM(C, . . . )'\m,n pa < ?nNOTSAT(C[a], A)l^,n. 

By Claim 7.4 and the assumption that PREM(C, n, m, . . . ) is true in N2 for an assignment 
to the remaining variables we know that [[PREM(C, . . . )]m,n is satisfiable. Plugging-in such 
a satisfying assignment a into [PREM(C, . . . )]]m,n, Lemma 2.7 yields a polynomially bounded 
TC^-Frege proof of 

IPREM(C, d)\m,n 

and of the sequent 

[PREM(C,a)]™,„ pa < mNOTSAT(C[a], A)l^,„. 

Using the Cut rule (Definition 2.4) we get a polynomially bounded TC^-Frege proof of the 
formula 

pa < mNOTSAT(C[a],^)U,„. 
As we showed before, this gets evaluated to 

^QiPl/xi,...,Pn/Xn) 
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as desired. Because of Claim 2.7, this proof is only polynomially longer than the one of the 
translation of the main formula. Since that proof was polynomially bounded, the above proof 
of ~'C(p|^/xi) also is. ■ 

We can now conclude: 

Corollary 7.6 With probability converging to 1, a random 3CNF C with n variables and m > 
c • n^''^ clauses, c a sufficiently large constant, -iC has polynomially bounded TC^ -Frege proofs, 
while C has no sub- exponential size resolution refutations (as long as m = 0{n^'^~''), for < 
6 < 1/2). 

Proof: By Corollary 7.3, with probability converging to 1 there exists an assignment of num- 
bers and strings a (including also the appropriate counting sequences assigned to the Zi string 
variables introduced in Lemma 7.1) such that PREM(C,a) holds (in the standard two-sorted 
model). Therefore, with probability converging to 1 we can apply Lemma 7.5 to establish that 
-iC has a short TC'^-Frege proof. That with probability converging to 1 there are no sub- 
exponential size resolution refutations of C follows from [14, 6, 10]. ■ 
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